2022-12-02 08:00:56.769286
Sophos Known Issues list

Central - Platform

Last updated: 30 Nov 2022 - 10:42:20
Key Affected versions Fix versions Summary Description Workaround
CPLAT-44980
      Sophos Central Partner Dashboard-Partner is not able to add a new admin in Partner Dashboard with a numeric value in the email address

      Sophos is aware of an issue/behavior in Sophos Central Partner Dashboard, under Settings & Policies > Administrators> - Partner is not able to add a new admin with a numeric value in the email address. Error received: "Email is required"

      Create the partner admin in the Partner Portal, then update their role in PDB when its added

      CPLAT-44946
          Central Dashboard-While setting up a user for the first time, the Customer wants to send the SSP setup link but the endpoint link is sent instead.

          Sophos is aware of an issue/behavior when on the users page while setting up a user for the first time, the Customer wants to send the SSP setup link but the endpoint link is sent instead of the SSP one.

          Clicked on the edit button on the user properties page and then sent the email again then the user was sent the SSP setup email successfully.

          CPLAT-44954
          • CPG 2022.27
            Sophos Kaseya plugin reports 'Invalid credentials supplied' with valid API credentials

            If the API credentials used are active and confirmed valid (this can be tested using postman or curl to do a basic whoami and tenent list query outside of Kaseya) and this continues to trigger this error - Please ensure that the following is open (without any regional restrictions) from your VSA server:

            Please ensure that the following is open (without any regional restrictions) from your VSA server:

            • Open traffic to and from kaseya.int100fra.ctr.sophos.com

            • Ensure the following IP Addresses are whitelisted - 18.159.54.20 , 3.123.181.234 , 52.59.169.88

            Documented in https://community.sophos.com/sophos-integrations/w/integrations/105/sophos-integration-with-kaseya-vsa

            CPLAT-44314
                Central Dashboard: The PDF export option on the Events page displays the report in the browser tab instead of downloading it

                Sophos is aware of an issue/behavior when on the main Events report page (https://cloud.sophos.com/manage/reports/protection/events/create) if you select either the 1. Export-->PDF of current view or 2. Export-->PDF of past 90 days - this will load and display the report in the browser instead of downloading it as a pdf.

                Choosing to save this report will fail with a network error. To get the pdf, choose ‘print’ and then save to a pdf.

                Related: When exporting in a CSV format, it will download, and the name of the file will be a report ID (instead of ‘Events.csv’)

                To get the pdf file, choose ‘print’ and then save to a pdf

                CPLAT-43430
                • CPG 2022.36
                  Re-login is required when opening link from Partner Portal to Partner Dashboard

                  Previously selecting the ‘Manage Sophos Central’ link in the Partner Portal dashboard would only prompt the MFA (multi-factor authentication) step before opening the Partner Dashboard. Currently, after selecting the link it will prompt you to re-authenticate with your username and password again before the MFA step.

                  N/A

                  CPLAT-44009
                      Enterprise DashBoard: Unable to create a sub-estate with the optional tickbox 'enable sample submission' is unticked

                      Unable to create a sub-estate with the optional tickbox 'enable sample submission' is unticked

                      When EDB super admin attempted to create the sub-estate, is should be possible to uncheck the checkbox next to "Enable sample submission” and continue to create the subestate.

                      However, with this unchecked, the "Create sub-estate" button currently does not work. Currently the only way for this button to be enabled is to check the Enable sample submission. tick box.

                      This option can later be turned off after creation by going to the Subestates ‘Global Settings-->Malware Sample Submission’ section.

                      Turn the option off after creating a sub-estate by going to Global Settings-->Malware Sample Submission and turning it off.

                      CPLAT-44003
                      • CPG 2022.33
                        ADSyncWarningEvent: Medium alert with 'User' 5.0.0.414 does not contain any other details

                        A medium alert may be seen in Central Dashboard related to an error triggered by an On premis ADsync sync.

                        • Description: ADSyncWarningEvent

                        • User: 5.0.0.414

                        The email alert received incorrectly states this is about failing to import certain users.

                        The error triggered in this scenario is related to ‘Device' syncing and not a ‘User’ sync. The particular device(s) in question should be listed in the Central Audit log. The reason for the failure to sync this device directory object with Central is currently not known, and the root issue is being investigated separately from the incorrect alert.

                        There is nothing an administrator can do to self-remediate this error. This type of ADSyncWarningEvent alert should be ignored in the interim of the root issue becoming resolved.

                        CPLAT-43068
                        • CPG 2022.30
                          Enterprise and Partner Dashboards: The 'Customers' or 'Sub-Estates' section may seem frozen for a few seconds after the page loads

                          Sophos Engineering is aware of an issue reported where some Enterprise or Partner Dashboards that have a lot of sub-estates or customers, may experience that their Subestate/Customers section is not responsive for a few seconds after it initially loads. (eg. not able to select or scroll through it). The larger the environment (more Subestates or Customers) the longer the delay may be.

                          Until this is resolved, some Partner/Enterprise Dashboard administrators will need to wait a few seconds before the Customers/Sub-Estates page becomes responsive.

                          CPLAT-43495
                          • CPG 2022.39
                            Central Dashboard: Enabling the 'User Access' global setting no longer auto enrolls previously added Central users into the Self Service Portal role

                            Global Settings → User Access (Sophos Central Self Service Portal Access)

                            Sophos Engineering is aware that when this option is turned on, it is currently not applying the Self Service role to ‘previously’ created users that did not already have this (or any role) already applied. New users created after this option is enabled will still correctly get the role applied as expected.

                            In the interim of this being resolved - go to your People/Users page and sort by 'Role'. Select the user(s) without a role then chose the 'Email Setup Link' button --> select the tick box on the bottom 'send a welcome email for the Self Service Portal' and 'save'.

                            Any user who does not have a role already (in this or any other Central account) will then 1. Have the self-service role applied, and 2. Depending on what you have configured in your 'sign-in' Global settings, a welcome email will be sent (or not)

                            CPLAT-43055
                            • CPG 2022.33
                              Enterprise Dashboard: When editing an administrator may show any custom role names as 'empty'

                              Sophos Engineering is aware of a UI issue that is seen in Enterprise Dashboards that have/use Custom Roles. When editing a currently created administrator, the ‘role’ pull-down menu currently replaces the names of any custom roles with ‘empty’. If there is more than one custom role, then an Administrator is not able to know which custom role should be selected.

                              Until this issue is resolved, Administrators who want to change the membership of an administrator to a Custom Role, should do so under the 'Roles' tab. You can select the custom role, then edit the members.

                              CPLAT-41625
                                  Central Dashboard: Save Remote Assistance may take longer than expected

                                  The remote assistance enablement in Sophos Central Dashboard may take longer than expected if there are a lot of self-service user accounts/Admin user accounts exist.

                                  Reference KB Article: Sophos Central: Turn on Sophos Support remote access for either MSP/Flex or Enterprise Master-licensed Sophos Central accounts

                                  In the interim of this being fixed, please wait until you see a pop-up message/green message box "Remote Access Enabled" once click the Save button. You may experience a number of pop-up windows with "Remote Access Enabled" message.

                                  CPLAT-41379
                                  • CPG 2022.21
                                    ADsync on-premise utility: Manual sync will trigger an error 409 / Conflict when another sync process is still running

                                    Central Dashboard: ADsync on-premise utility - sync failures reported by some after the utility upgraded. Error = 409 Conflict

                                    Local ADsync log will show the following error with each sync attempt since the utility was upgraded to version 5: "error": "CONFLICT", "message": "Directory source should be active and no other sync should be running to trigger a new sync."} / HTTP 409: Conflict

                                    See workaround section for how to fix this

                                    Expected behavior when another sync is still running

                                    CPLAT-41466
                                    • CPG 2022.21
                                      ADsync 5: Manual sync operations have an up to 15 minute polling delay before the sync will begin

                                      When running a manual sync from the ADsync version 5 utility, it is expected that there is a delay of up to 15 minutes before the actual sync will begin. During this time the UI will show “Sync Status: Initiated sync status with Central”. Once the sync begins after the up to 15 minute delay, you will see a green progress bar and details of the sync. Once the scan is completed, the sync status returns to “Not currently Synchronizing” (and the time stamp of the next scheduled sync if configured)

                                      Scheduled sync will not experience the manual sync delay.

                                      Expected behavior

                                      CPLAT-41523
                                      • CPG 2022.21
                                        Partner or Enterprise Dashboard: The Customer/Subestate and License pages may show the incorrect expiration date for some customer licenses

                                        Partner Dashboard and Enterprise Dashboard may show an incorrect expiration date for some licenses/customers. The expiration date is incorrectly showing the previously renewed license date, instead of the current license expiration. The date is shown correctlyin the Central Dashboard.

                                        In the interim of this being resolved, the correct expiration date can be confirmed by launching the Central Dashboard in question and viewing their License page.

                                        CPLAT-41524
                                        • CPG 2022.21
                                          Partner Dashboard: Sophos Customers page - A Cloud Optix trial icon may incorrectly show for next to some Customers.

                                          The Partner Dashboard ‘Sophos Customers’ page, may incorrectly show an empty Optix trial icon for one or more customers. The customers' dashboard does not have an Optix trial enabled.

                                          In the interim of this being removed, the icon should be ignored.

                                          CPLAT-36682
                                          • CPG 2020.14
                                            CDB/EDB - Internet Explorer performance with Central Dashboards is slower

                                            When using Internet explorer please note that you may experience longer than normal page load times working in Sophos Enterprise and/or Sophos Central dashboards.

                                            We expect to address this in the future, in the interim please use Chrome or Firefox to manage Sophos Dashboards.

                                            CSA-11622
                                            • CPG 2022.18
                                              Central Dashboard: Custom firewall reports are only able to be sent to local Central Administrators (not Partner or Enterprise administrators)

                                              Central Dashboard: Custom firewall reports are only able to be sent to local Central Administrators (not Partner or Enterprise administrators)

                                              If a Partner or Enterprise Administrator attempts to add non local administrators to firewall reports (Firewall Management > Report Generator > (add or edit any report) > Available Recipients section.

                                              If you add any Partner or Enterprise Dashboard administrators, these will not receive the report via email. Additionally, when you reopen the report, these administrator names added will show as UUIDs.

                                              There is no workaround to this issue

                                              There is no workaround to this issue. Currently only local administrators are able to be used for Firewall report delivery at the Central Dashboard level

                                              CSA-10514
                                                  Central Dashboard: Events Report - Server re-protected events remain visible, even after unticking Event type Computer and Server re-protected

                                                  There is a known behavior when viewing particular events on the Events Report page (https://cloud.sophos.com/manage/reports/protection/events/create). The Server re-protected events will remain visible, even after unticking the Event type ‘Computer and Server re-protected’ category.

                                                  Until this is resolved, the “Computer or server re-protected” event needs to be ignored in the report. As we understand that this can be annoying, there is a limitation in our current design, and the fix required, unfortunately, needs a good amount of changes. We are in the transformative process of handling all events to go through a centralized workflow.

                                                  CPERF-4307
                                                      Times presented in exported reports look different between PDF and CSV formats.

                                                      "Reports that are exported as a PDF have times annotated as UTC

                                                      Reports that are exported as CSV have times listed in the time zone of the user running the report.

                                                      The times are the same in UTC "

                                                      This difference in how the times are presented between reports will be addressed in a future version of Central Admin.

                                                      This is an example of what to expect (all times are equal):

                                                      1. PDF is UTC time (Regardless of time zone where report is pulled)
                                                      = 9/8/17 10:57 PM

                                                      2. CSV report pulled from system in EST
                                                      = 2017-09-08 T 17:57:01-05:00

                                                      3. CSV report pulled from the system in PST
                                                      = 2017-09-08 T 14:57:01-08:00

                                                      CPLAT-36762
                                                      • 2019.12
                                                        When logging into Central Partner Dashboard from the id.sophos.com page, you may sometimes get re-directed to a settings/text page instead of the Dashboard

                                                        When logging into Central Partner Dashboard from the id.sophos.com page, you may sometimes get re-directed to a settings/text page instead of the Dashboard

                                                        Clearing the browser's cache will temporarily resolve this, though it may happen again until this is resolved.

                                                        In the interim, you can avoid this by either logging in to either the Partner Portal first (https://partnerportal.sophos.com then select the 'Manage Sophos Central' link) or log directly into the Partner Dashboard (https://cloud.sophos.com/manage/partner/)

                                                        Additional information can be found in KBA: https://sophserv.sophos.com/article/121583 (selecting the question "Why do I see a page of text after attempting to log into Partner Dashboard?")

                                                        CPLAT-36758
                                                        • 2017.32
                                                          Central Admin: 'Logs and Reports' date behaviour is based off of UTC backend and not customer/dashboard timezone

                                                          When viewing or exporting events based on Dates from the 'Logs & Reports' section of Sophos Central Admin;

                                                          The resulting events will be shown based off of a 24 hour UTC day instead of a 24 hour period within the time zone of the user.

                                                          "This is currently expected behavior though there are plans to have this changed in the future to better match the time zone of the user generating the report.

                                                          Additional information can be found in KBA: https://support.sophos.com/support/s/article/KB-000036898

                                                          CSA-9819
                                                          • CPG 2019.45
                                                            Central Dashboard: Event report (both the UI and Exporting) results may contain extra events depending on Timezone in use.

                                                            When using custom date ranges within an Event report, the returned results incorrectly include events that go beyond the expected Timezone offset. 

                                                            Additional information can be found in our knowledge base article https://support.sophos.com/support/s/article/KB-000036898

                                                            CPLAT-37603
                                                            • CPG 2021.40
                                                              Central Dashboard: The UI performance is slower within the 'Custom Rules' user selection window in Federation login settings page when there are hundreds or thousands of users

                                                              When adding users on the Federation Global settings page (within the 'Custom Rules' user selection window), this can take longer than expected (minute +) when there are hundreds or thousands of users with logins to display.

                                                              N/A

                                                              CPERF-4913
                                                              • CPG 2021.40
                                                                Central Dashboard: It is not possible to delete some users via Central API due to those users being unlinked from our Directory services.

                                                                Central Dashboard: It is not possible to delete some users via Central API due to those users being unlinked from our Directory services. This does not affect manually deleting of users within Central Dashboard.

                                                                Until this issue is resolved, these users can be deleted manually within Central Dashboard

                                                                CPERF-5525
                                                                • CPG 2022.15
                                                                  Central Dashboard: Not able to configure group or user filters in the AzureAD - Directory services page. (options under the pull down menus are not selectable)

                                                                  Central Dashboard: It is not currently possible to select any options from the pull-down menus within the AzureAD - Directory services page.

                                                                  This affects the following filter options, and these are not currently configurable:

                                                                  In the interim of this being resolved please use either the ‘All users and groups’ or the ‘Add users by group ID’ filter option

                                                                  CPLAT-40270
                                                                  • CPG 2022.06
                                                                    Sophos AutoMate plugin - The 'Computers' section performance can be very slow when there are thousands of computers to display.

                                                                    There is a known issue/behavior where Partners who are managing thousands of computers within the Sophos Automate Plugin will see a dramatic delay when working within the ‘Computers’ section of our plug in (15 minutes to make a change/or see an update)

                                                                    There is no workaround in the interim of this being addressed.

                                                                    CPLAT-39841
                                                                    • CPG 2022.09
                                                                      Central Dashboard Audit log - "anonymous failed authentication" entry is due to an expected API Service Principal JWT renewal error.

                                                                      When using API credentials (Service Principals) - certain jwt token refresh errors can be logged in the Central Dashboards Audit log as 'anonymous:' and 'failed authentication' with the IP of source. (eg. siem.py script/ ADsync utility/ etc). This is an expected logging event that can occur during normal operation and it does not require any follow up action.

                                                                      These entries can be ignored. See https://support.sophos.com/support/s/article/KB-000043845 for more information.

                                                                      CPLAT-37411
                                                                      • CPG 2020.47
                                                                        Enabling or Disabling Enterprise Dashboard can cause an 'Authentication failure' for the admin who triggered the process

                                                                        Sometimes during the EDB enablement process, the conversion of the Central Super Admin to Enterprise Super Admin may fail. In that scenario, you will get an 'Authentication Failure' when trying to log back into your newly created Enterprise Dashboard.

                                                                        If you encounter this, please follow the 'Forgot Password' link/process which will repair your login and access for that account.

                                                                        CPLAT-37431
                                                                        • 2017.23
                                                                          Partner Dashboard: brief/temporary "400 Bad Request" errors seen related to browsers cookies

                                                                          It is possible to see an '400 bad request' or 'Header Field Too Long' error when performing certain tasks within Partner Portal. This may be seen trying to log into Partner Dashboard (before the MFA option screen comes up).

                                                                          Additional information can be found in KBA:
                                                                          https://support.sophos.com/support/s/article/KB-000036804

                                                                          CPERF-4306
                                                                          • CPG 2019.15
                                                                            If a CSV upload of users takes longer than 5 minutes to complete, this will timeout, and the loading/spinning wheel will continue indefinitely in the UI

                                                                            While there is no limit given to the number of users that can be attempted to upload (outside of the 2MB file size limitation).

                                                                            It is recommended to upload users in batches of 1000 at a time. It is possible to upload more at once, though depending on the time of day (peak business hours) you may experience this timeout behavior.

                                                                            Additional information can be found in customer KBA https://support.sophos.com/support/s/article/KB-000038811?language=en_US

                                                                            CPLAT-36752
                                                                                Using certain browser extensions, error 403 or 404 is received during the selection of the authentication type during MFA setup

                                                                                Using certain browser extensions, error 403 or 404 is received during the selection of the authentication type during MFA setup

                                                                                Additional information can be found in customer KBA https://support.sophos.com/support/s/article/KB-000038802?language=en_US

                                                                                Central Endpoint - Mac

                                                                                Last updated: 27 Sep 2022 - 07:56:27
                                                                                Reference Planned fixed version Summary Description Workaround
                                                                                MACEP-6850
                                                                                • Q4 2022
                                                                                E-mail installer link for macOS does not register to user

                                                                                If an e-mail installer link is used from Central on macOS, it will not register to the user.

                                                                                Associate the user manually in Central

                                                                                MACEP-6987
                                                                                  Incompatibility with LightSpeed relay agent

                                                                                  When Sophos and LightSpeed relay agent are installed together, web browsing will fail to load webpages and installs will fail.

                                                                                  Uninstall LightSpeed relay agent

                                                                                  MACEP-6874
                                                                                    Web Browsing may fail when running Ava Reveal alongside Sophos for MacOS

                                                                                    Ava Reveal’s web protection filter and the Sophos web protection filters may cause web browsing to fail when both are loaded.

                                                                                    Sophos has worked with Ava and we have found that multiple content filters and a transparent proxy triggers an OS issue. As of August 2022, this is considered an incompatibility due to the OS.

                                                                                    Turn off Ava Reveal extension or uninstall Sophos for MacOS

                                                                                    MACEP-6851
                                                                                    • Will not be fixed
                                                                                    MacOS name is incorrect in Sophos Enterprise Console after 9.13.0 update for Big Sur and Monterey

                                                                                    In the release 9.13.0 of the SEC-based Endpoint for macOS, the name of the OS no longer shows 11 or 12, but 10.16 in Sophos Enterprise Console

                                                                                    This will not be fixed before the retirement of this Endpoint in July 2023.

                                                                                    None

                                                                                    MACEP-6842
                                                                                    • Q3 2022
                                                                                    Heartbeat false positive alerts with macOS 12 Monterey

                                                                                    Multiple times per day the security heartbeat can report drops for macOS Monterey clients when they did not actually drop.

                                                                                    None

                                                                                    MACEP-6843
                                                                                    • 10.4.1
                                                                                    Sophos diagnostic utility (SDU) may not collect SophosDiagnostic logs

                                                                                    If an SDU is triggered as a regular user (not administrator) or via the Central Dashboard, the SophosDiagnostics log output is not captured.

                                                                                    Run the SDU as an Administrator account

                                                                                    Central Endpoint/Server - General

                                                                                    Last updated: 16 Nov 2022 - 11:12:15
                                                                                    Reference Planned fixed version Summary Description Workaround
                                                                                    CESG-23660
                                                                                      Cannot autofix policies with advanced settings turned off

                                                                                      Account Health Check “Autofix” cannot fix policies that have the advanced settings turned off/not on recommended.

                                                                                      CESG-23373
                                                                                        Central decision to generate a new registration token is case sensitive causing unexpected duplicates

                                                                                        The checks performed by Sophos Central determining if a device is a duplicate or not is case sensitive.

                                                                                        Sophos Central checks for the following information before making the decision to create a new entry or keep the existing one during the client registration:

                                                                                        -Domain name
                                                                                        -Computer name (Netbios name)
                                                                                        -OS (e.g. Win10, not more specific/detailed than that)
                                                                                        -FQDN
                                                                                        -Mac serial number (if a Mac)
                                                                                        -Whether SSPL or not (Linux)
                                                                                        -If it is marked as a clone always create a new entry

                                                                                        All of the checks are case-sensitive.

                                                                                        Central Endpoint/Server - Linux

                                                                                        Last updated: 02 Dec 2022 - 08:00:08
                                                                                        No known issues!

                                                                                        Central Endpoint/Server - Windows

                                                                                        Last updated: 23 Nov 2022 - 13:05:28
                                                                                        Reference Planned fixed version Installed Product Summary Description Workaround
                                                                                        WINEP-40999
                                                                                        • TBD
                                                                                        • Device Encryption
                                                                                        Encryption of non-boot volumes fails on specific ARM64 devices

                                                                                        On ARM64 devices that are using the SCM or UFS storage bus type for the internal storage, the encryption of data volumes (non-boot volumes) does not start. However, system drives (boot volumes) get encrypted as expected.

                                                                                        Known models affected by the issue: Lenovo Yoga C630, Samsung Galaxy Book S

                                                                                        Other ARM64 devices utilizing SCM or UFS storage bus type are expected to be affected as well.

                                                                                        For the time being, the only option is using the complete available space of the internal storage for the system volume.

                                                                                        WINEP-42285
                                                                                        • Core Agent 2022.3.0.56 (Win10 64bit and later) - Core Agent 2022.3.0.84 (WinServer 2016 and later)
                                                                                        • Core Agent
                                                                                        Firefox intermittently does not load Gmail

                                                                                        Some customers have reported Firefox having issues loading Gmail intermittently. This is due to a connection reset issue.

                                                                                        Applies to Core Agent version 2.20.13 and above. This has been improved in Core Agent 2022.2.1

                                                                                        In the Threat Protection policy, turn off Real-Time Scanning - Internet
                                                                                        In the Web Control policy, turn off Web Control

                                                                                        WINEP-42550
                                                                                        • Core Agent 2022.3.0.56 (Win10 64bit and later) - Core Agent 2022.3.0.84 (WinServer 2016 and later)
                                                                                        • Core Agent
                                                                                        Web browsing and download speeds are slower when Web Control and / or Real-time scanning Internet in Threat Protection is enabled

                                                                                        Web browsing and download speeds are slower Web Control and / or Real-time scanning Internet in Threat Protection is enabled

                                                                                        Turn off Web Control policy
                                                                                        Turn off the settings under Real-time scanning Internet in Threat Protection

                                                                                        WINEP-42908
                                                                                        • Core Agent 2022.3.0.56 (Win10 64bit and later) - Core Agent 2022.3.0.84 (WinServer 2016 and later)
                                                                                        • Core Agent
                                                                                        Unable to cast when HTTPS scanning is on to Chromecast

                                                                                        With HTTPS/SSL scanning turned on, unable to cast to Chromecast devices.

                                                                                        Add website exclusion for both HTTPS and Threat protection website exclusion for the IP of the Chromecast device

                                                                                        WINEP-43410
                                                                                        • Core Agent 2022.3.0.56 (Win10 64bit and later) - Core Agent 2022.3.0.84 (WinServer 2016 and later)
                                                                                        • Core Agent
                                                                                        Couldn’t download - Network issue error with Senso.Cloud and iBoss

                                                                                        The download of large files fails when Senso Cloud, iBoss, and other third-party Windows Filtering Platform (WFP) programs are installed alongside Sophos Central Endpoint

                                                                                        The error seen in the browser:
                                                                                        Couldn’t download - Network issue  

                                                                                        Please see KB for workaround steps for reported product conflicts - https://support.sophos.com/support/s/article/KB-000044418

                                                                                        WINEP-43569
                                                                                        • Core Agent 2022.3.0.56 (Win10 64bit and later) - Core Agent 2022.3.0.84 (WinServer 2016 and later)
                                                                                        • Core Agent
                                                                                        BSOD NETIO.SYS

                                                                                        After the update to Windows Core Agent 2022.2.1.9 a BSOD may occur with the faulting module being - NETIO.sys

                                                                                        The issue is still under investigation, and improvements are expected in the next Core Agent version.

                                                                                        Please see KBA for workaround steps - https://support.sophos.com/support/s/article/KB-000044389

                                                                                        WINEP-42551
                                                                                        • Core Agent 2022.3.0.56 (Win10 64bit and later) - Core Agent 2022.3.0.84 (WinServer 2016 and later)
                                                                                        • Core Agent
                                                                                        Uploading larger files to FileVine or other document management systems may fail

                                                                                        Uploading larger files to FileVine or other document management systems may fail.

                                                                                        Turn off Web Control
                                                                                        Turn off Real-time scanning Internet

                                                                                        WINEP-43578
                                                                                        • Core Agent 2022.3.0.56 (Win10 64bit and later) - Core Agent 2022.3.0.84 (WinServer 2016 and later)
                                                                                        • Core Agent
                                                                                        Clicking on multiple links multiple times in Firefox generating error - ERR_SSL_BAD_RECORD_MAC_ALERT

                                                                                        When using Firefox and browsing a website (IE: Google) and clicking on different links quickly can generate an error: ERR_SSL_BAD_RECORD_MAC_ALERT

                                                                                        1. Close and re-launch Firefox
                                                                                        2. Turn off Web Control and Real-time scanning - Internet
                                                                                        3. Set "security.tls.enable_0rtt_data" = false on the about:config page for Firefox

                                                                                        WINEP-43576
                                                                                          • Core Agent
                                                                                          Devices being detected as a clone when using VMware Horizon with ClonePrep

                                                                                          The gold image switch is not working for VMware Horizon with ClonePrep environment.

                                                                                          The issue occurs here because when using “ClonePrep” the device is snapshotted and then spun up - a snapshot is then created from this new machine before it's snapshotted and cloned again.

                                                                                          As an example: The machine they use as the “GoldImage” GOLD-W10 is then renamed to W10-1 itself and then from W10-1 a new machine is created called W10-2 and this then repeats.

                                                                                          The workaround is to use the older style gold image prep script

                                                                                          The workaround is to use the gold image prep script during the shutdown.
                                                                                          Details are described in the following KB: https://support.sophos.com/support/s/article/KB-000035040

                                                                                          WINEP-43577
                                                                                            • Core Agent
                                                                                            Citrix - Users profiles doesn't get deleted, sessions don't terminate, app doesn't launch.

                                                                                            After upgrading servers to Core Agent 2022.2 Citrix User Profile Manager process may fail to delete users' temp profiles.

                                                                                            Possible symptoms:

                                                                                            i. user profile is not deleted automatically

                                                                                            ii. ongoing sessions (sessions not getting removed)

                                                                                            iii. some applications fail to launch halfway

                                                                                            The investigation is ongoing.

                                                                                            Add below exclusions type for both "Process (Windows)" and "Process Hashing exclusions (Windows)":
                                                                                            %ProgramFiles%\Citrix\Broker\Service\HighAvailabilityService.exe
                                                                                            %ProgramFiles%\Citrix\Broker\Service\BrokerService.exe
                                                                                            %ProgramFiles%\Citrix\ConfigSync\ConfigSyncService.exe
                                                                                            %ProgramFiles%\Citrix\User Profile Manager\UserProfileManager.exe
                                                                                            %ProgramFiles%\Citrix\Virtual Desktop Agent\BrokerAgent.exe

                                                                                            WINEP-44672
                                                                                              • Intercept X
                                                                                              Systems running CryptoPro CSP trigger APCViolation alerts

                                                                                              Systems running CryptoPro CSP software (http://www.cryptopro.ru) raise APCViolation alerts against random processes on the system (e.g. C:\Program Files (x86)\Sophos\AutoUpdate\Telemetry\SubmitTelem.exe).

                                                                                              Disable "Prevent APC violation" in the Threat Protection policy of the Endpoints that need to run CryptoPro CSP.

                                                                                              WINEP-44278
                                                                                              • TBD
                                                                                              • Intercept X
                                                                                              Credential Guard alerts against tasklist.exe when creating a Diagnose Log in Monitor Mode

                                                                                              With ‘Monitor Mode’ enabled for the Sophos Central Account (Account Details -> Account Preferences -> Evaluation Modes -> Monitor mode), creating a Diagnose Log from Sophos Central will trigger a Credential Guard alert when Diagnose calls “C:\Windows\System32\tasklist.exe /M /FO CSV”

                                                                                              This is a detection that only occurs in Monitor Mode.

                                                                                              WINEP-42333
                                                                                              • TBD (Win10 64bit and later) - TBD (WinServer 2016 and later) - TBD (W10 32bit/W8.1/W8/W7) - TBD (WinServer 2012/R2/2008R2)
                                                                                              • Intercept X
                                                                                              Adding multiple thousand Exploit Mitigation exclusions may result in high CPU load for hmpalert.exe

                                                                                              HitmanPro.Alert Service (Hmpalert.exe) is consuming high CPU when multiple thousand Exploit Mitigation Exclusions are applied to an Endpoint and stored in the Endpoint registry (e.g. under HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert_policy_\java.exe).

                                                                                              WINEP-42332
                                                                                              • TBD (Win10 64bit and later) - TBD (WinServer 2016 and later) - TBD (W10 32bit/W8.1/W8/W7) - TBD (WinServer 2012/R2/2008R2)
                                                                                              • Intercept X
                                                                                              Moving and overwriting files on a network location with Ransomware Protection enabled locally may slow down the move operation

                                                                                              Moving and overwriting files on a network location with Ransomware Protection enabled locally may slow down the move operation.

                                                                                              WINEP-42324
                                                                                              • Intercept X 2022.1.3.3
                                                                                              • Intercept X
                                                                                              Ransomware Protection may raise a false alert due to linking unrelated files together when files share the same name (but different file extension)

                                                                                              Ransomware Protection may raise a false alert due to linking unrelated files together when files share the same name (but different file extension)

                                                                                              WINEP-42326
                                                                                              • Intercept X 2022.1.3.3
                                                                                              • Intercept X
                                                                                              Ransomware Protection may raise an alert against Backup/Sync software if ransomware notes get restored from backup and therefore terminates the backup process

                                                                                              Ransomware Protection may raise an alert against Backup/Sync software if actual ransomware notes are restored from a backup and therefore terminates the backup/sync process.

                                                                                              WINEP-42327
                                                                                              • Intercept X 2022.1.3.3
                                                                                              • Intercept X
                                                                                              Ransomware Protection may raise a false alert against license documents (license.html and license.htm)

                                                                                              Ransomware Protection may raise a false alert against license documents (license.html and license.htm)

                                                                                              WINEP-42321
                                                                                              • Intercept X 2022.1.3.3
                                                                                              • Intercept X
                                                                                              Ransomware Protection compatibility improvements with eFlow

                                                                                              Improved Ransomware Protection compatibility with 3rd party software eFlow.

                                                                                              Hotfix version 3.9.0.1222 can be applied as a workaround.
                                                                                              Check KB-000038477 for details and download.

                                                                                              WINEP-42329
                                                                                              • Intercept X 2022.1.3.3
                                                                                              • Intercept X
                                                                                              Browsing a website with Microsoft Edge on Windows 10 32-bit systems may result in error 0x80000001

                                                                                              Browsing a website with Microsoft Edge on Windows 10 32-bit systems may result in error 0x80000001

                                                                                              Turn off Data Execution Prevention on Microsoft Edge for affected systems.

                                                                                              1. Sign in to Sophos Central.
                                                                                              2. Go to Overview > Endpoint Protection > Policies > Threat Protection Policy > Settings.
                                                                                              3. Click Add Exclusion (on the right of the page).
                                                                                              4. Under Exclusion Type, select Exploit Mitigation (Windows).
                                                                                              5. In the application list, select Microsoft Edge
                                                                                              6. Under Mitigations, turn off Data Execution Prevention.
                                                                                              7. Click Add.
                                                                                              8. Click Save.

                                                                                              WINEP-43580
                                                                                                  Various types of intermittent networking issues on platforms running Red Hat VirtIO Ethernet Adapter

                                                                                                  Virtualization platforms (e.g. Red Hat KVM, Nutanix VM, Proxmox) running Red Hat VirtIO Ethernet Adapter Service with the default netkvm.sys driver (C:\Windows\system32\drivers\netkvm.sys from 11/08/2016) may show various types of intermittent networking issues when Sophos Network Threat Protection Service is running and the service may show as stuck in a starting state after rebooting the system.

                                                                                                  Update the Red Hat VirtIO Ethernet Adapter drivers to the latest version.

                                                                                                  WINEP-44248
                                                                                                    • Core Agent
                                                                                                    High non-paged pool memory consumption from Sophos Endpoint Defense (pool tags Sg01 and Sg03)

                                                                                                    Windows Servers might show an increased non-paged pool memory consumption from a pool tag labeled Sg01 or Sg03. The memory is allocated by the Sophos Endpoint Defense Data Content Records (used to keep track of PE-file information and SHA-256 values) which get loaded on boot.

                                                                                                    WINEP-44348
                                                                                                    • Core Agent 2023.1 (WinServer 2016 and later)
                                                                                                    • Core Agent
                                                                                                    On Domain Controllers, the Network Setup Service is stopping and starting every 30 seconds

                                                                                                    The Sophos Network Threat Protection Service utilizes a routine that is called every 30 seconds, which creates a local variable when initialized, resulting in a start of the Network Setup Service.

                                                                                                    WINEP-44388
                                                                                                    • n/a
                                                                                                    • Core Agent
                                                                                                    Update Cache doesn't show all devices under the 'Using This Cache' list in Sophos Central

                                                                                                    Even though updating correctly from an Update Cache, Endpoints running on Windows 7, Windows 8.x, or Windows 10 x86 as well as Windows Server 2012 R2 (and below) are not listed in the ‘Using This Cache’ list in Sophos Central.

                                                                                                    WINEP-43484
                                                                                                        Sophos update failing with Check Point VPN version 86.40.

                                                                                                        Updates fail when Sophos Central Endpoint is installed alongside Check Point VPN version 86.40

                                                                                                        Please see KBA for workaround steps - https://support.sophos.com/support/s/article/KB-000044497

                                                                                                        WINEP-43570
                                                                                                          • Core Agent
                                                                                                          Internet browsing stopping when resources are low

                                                                                                          Endpoints may lose internet browsing capabilities when resources are low.

                                                                                                          Error seen in logs: 2022-04-27T13:43:18.079Z [ 4712: 4476] E Exception in input: Failed to read from device: Insufficient quota to complete the requested service.

                                                                                                          The investigation of this topic is ongoing. For the time being the workaround mentioned here can be applied.

                                                                                                          Turn off the following policies and settings:

                                                                                                          Web Control policy
                                                                                                          Three settings under Real-time scanning Internet in Threat Protection policy

                                                                                                          WINEP-42331
                                                                                                          • TBD (Win10 64bit and later) - TBD (WinServer 2016 and later) - TBD (W10 32bit/W8.1/W8/W7) - TBD (WinServer 2012/R2/2008R2)
                                                                                                            Lockdown mitigation compatibility improvements for applications creating *.mdb files

                                                                                                            The creation of *.mdb files may trigger a Lockdown detection.

                                                                                                            Disable Lockdown mitigation for MSAccess application via Threat Protection policy only to affected systems.

                                                                                                            WINEP-42704
                                                                                                            • TBD (Win10 64bit and later) - TBD (WinServer 2016 and later) - TBD (W10 32bit/W8.1/W8/W7) - TBD (WinServer 2012/R2/2008R2)
                                                                                                            • Intercept X
                                                                                                            Folder-based Ransomware Protection exclusions that target a mapped network drive (e.g. X:\), do not apply

                                                                                                            Folder-based Ransomware Protection exclusions that target a mapped network drive (e.g. X:\), do not apply.

                                                                                                            Apply the latest Sophos Intercept X cumulative hotfix from KB-000038477 and change the mapped network drive exclusion to point towards the network location, using a wildcard for the server name. Example: If "X:\" is mapped to"\\server1\share2\folder3", update the folder-based ransomware exclusion to target "**\share2\folder3"

                                                                                                            WINEP-42322
                                                                                                            • TBD (Win10 64bit and later) - TBD (WinServer 2016 and later) - TBD (W10 32bit/W8.1/W8/W7) - TBD (WinServer 2012/R2/2008R2)
                                                                                                            • Intercept X
                                                                                                            Folder-based Ransomware Protection exclusion (Windows) cannot be applied to root drives (e.g. “C:\”)

                                                                                                            Folder-based Ransomware Protection exclusion (Windows) cannot be applied to root drives (e.g. “C:\”)

                                                                                                            WINEP-42328
                                                                                                            • TBD (Win10 64bit and later) - TBD (WinServer 2016 and later) - TBD (W10 32bit/W8.1/W8/W7) - TBD (WinServer 2012/R2/2008R2)
                                                                                                            • Intercept X
                                                                                                            The HitmanPro.Alert logfile contains entries for non-normalized application paths

                                                                                                            The HitmanPro.Alert logfile (located at C:\Programdata\HitmanPro.Alert\Logs\Sophos.log) contains entries for non-normalized application paths, which are often logged for compiler applications:

                                                                                                            Example:

                                                                                                            YYYY-MM-DDTHH:MM:SS.FFFZ [Protected] PID 1234, Features 007D2E3000000100 Silent 0020000000000100, c:\\msys64\\opt\\rtems-5-win\\bin\\..\\lib\\gcc\\arm-rtems5\\7.5.0\\..\\..\\..\\..\\arm-rtems5\\app.exe

                                                                                                            This can be relevant when defining exclusions for specific applications.

                                                                                                            WINEP-42330
                                                                                                            • TBD (Win10 64bit and later) - TBD (WinServer 2016 and later) - TBD (W10 32bit/W8.1/W8/W7) - TBD (WinServer 2012/R2/2008R2)
                                                                                                            • Intercept X
                                                                                                            Ransomware Protection may raise a false alert due to linking unrelated files together, when an identical number of bytes is being read/written

                                                                                                            Ransomware Protection may raise a false alert due to linking unrelated files together, when an identical number of bytes is being read/written

                                                                                                            WINEP-42288
                                                                                                            • Updated in Core Agent 2022.2.1
                                                                                                            • Core Agent
                                                                                                            Unable to connect Wi-Fi after Core Agent update to version 2022.1.1.3

                                                                                                            Customers using some Qualcomm Atheros chipset network cards can fail to connect to wireless networks after updating to core agent version 2022.1.x.

                                                                                                            Other adapters use this chipset, including the Dell 1802 and 1702 network adapters. A full list of adapters we have seen impacted can be found here:

                                                                                                            https://support.sophos.com/support/s/article/KB-000042044?language=en_US

                                                                                                            Turn off IPS in the Central Threat Protection Policy

                                                                                                            WINEP-42286
                                                                                                              • Core Agent
                                                                                                              Using a WPAD with Firefox, Firefox fails to browse.

                                                                                                              If Firefox is configured to use a WPAD for proxy configuration, it fails to browse.

                                                                                                              Affects Core Agent 2.20.13 and above.

                                                                                                              Use manual proxy configuration for Firefox. All other browsers handle WPAD fine.

                                                                                                              WINEP-41307
                                                                                                                • Intercept X
                                                                                                                Servers running ConnectWise Automate trigger DynamicShellcode mitigation

                                                                                                                ConnectWise Automate / LabTech Agent (LTAgent.exe) triggers Dynamic Shellcode mitigation on Servers running Intercept X with Exploit Mitigation and Dynamic Shellcode protection enabled. The ConnectWise Automate host server is unable to launch Automate Control Center as it relies on LTAgent.exe, which fails to launch.

                                                                                                                Check KB-000044124 - Dynamic ShellCode Detection on ConnectWise Automate host server

                                                                                                                Central Firewall Management

                                                                                                                Last updated: 25 Oct 2022 - 13:23:35
                                                                                                                Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                NR-8295
                                                                                                                • CM 2022.39
                                                                                                                  • Micro Service
                                                                                                                  • SDWAN-PDB
                                                                                                                  Partner dashboard(PDB) customer inventory and PDB Firmware upgrade will not be supported for FSC regions such as India, Brazil, Canada, Japan, or Australia customers created by partner

                                                                                                                  If Customers are created by partner in any FSC region then PDB Customer inventory and PDB Firmware upgrade Functionality would not be available for the customers of FSC region.

                                                                                                                  These functionalities would be available to customers of FSC region along with PDB firewall Template support for FSC region.

                                                                                                                  NR-6306
                                                                                                                  • CM 2.2 2021.49
                                                                                                                    • Full Sync
                                                                                                                    Default ips policies will not be pushed after upgrade to 18.5 MR 2 under certain circumstances

                                                                                                                    Default IPS policies will not be pushed to a Sophos FIrewall with version 18.5 MR2 if:

                                                                                                                    The firewall is being just added to CM after the update

                                                                                                                    There is a group configuration change affecting firewalls with 18.5 MR2

                                                                                                                    Basically, the full sync process will skip the IPS opcode configuration for these devices running on v18.5 MR2.

                                                                                                                    On Sophos Central, go to Firewall Management > Intrusion Prevention > IPS policy > Edit the Default policy > Save, and it would then be pushed to the XG Firewall.

                                                                                                                    NR-6502
                                                                                                                    • CM 2022.03
                                                                                                                      • UI (legacy)
                                                                                                                      Firewalls managed by central might show a wrong status if IPS is switched on without a valid Network Protection license

                                                                                                                      Firewalls managed by Sophos Central without enabled IPS might get a message that enabling IPS worked though there is no valid Network protection license.

                                                                                                                      Get a valid Network Protection license

                                                                                                                      NR-6214
                                                                                                                      • CM 2.0 EAP1
                                                                                                                      • NoRelease
                                                                                                                      • Central Management
                                                                                                                      Central management could not enable after switching firmware with previous version or after Factory Reset

                                                                                                                      From SF v18.5 MR2, when FIPS mode is enabled, the device will reboot with factory reset. 

                                                                                                                      If the Firewall is registered and central services are accepted by the Central Admin and Admin Enables FIPS mode, the device will boot with factory reset config.

                                                                                                                      On Re-registration and Enable Central Management, Endpoint already known to the Central and Central Management API considers this as a Bad request as Central Services already approved.

                                                                                                                      There are two workarounds:

                                                                                                                      After factory reset, Remove the firewall from Central
                                                                                                                      After factory reset, register the device to Central and de-register it.
                                                                                                                      After performing any of the above steps, register the device again and now Admin will be able to Enable Central Services (CM/CR)

                                                                                                                      NR-6220
                                                                                                                      • CM 2.1 2020.50
                                                                                                                      • NoRelease
                                                                                                                      • Import-Export
                                                                                                                      "Loading" error on Firewall rules page after importing WAF rule via config import/export

                                                                                                                      Steps to recreate:

                                                                                                                      • Create WAF rule on base Firewall A from which you would want to import the configuration

                                                                                                                      • Create a group(Group 1) in Central with using config import option "Import existing configuration"

                                                                                                                      • Import the configuration from Firewall A

                                                                                                                      • Import would get successful and full sync would also pass if we add any other Firewall device(Firewall B) to this group

                                                                                                                      • Get onto "Manage Policy" page of that created Group 1.

                                                                                                                      • You will see "Loading" error on Firewall rules page

                                                                                                                      Expected Output:

                                                                                                                      "Loading" error should not show on Firewall rules page on Group, after importing WAF rule

                                                                                                                      Actual Output:

                                                                                                                      "Loading" error is there on Firewall rules page on Group, after importing WAF rule

                                                                                                                      NR-6074
                                                                                                                      • CM 2.2 2021.16
                                                                                                                        • SD-WAN
                                                                                                                        Central Orchestration Trial license devices are not appearing in SDWAN device list

                                                                                                                        Supporting only bundle license in an SDWAN connection group.

                                                                                                                        Following bundles are supported:

                                                                                                                        • CENTRAL_ORCHESTRATION_TERM

                                                                                                                        • XSTREAM_PROTECTION_TERM

                                                                                                                        • XSTREAM_PROTECTION

                                                                                                                        • XSTREAM_PROTECTION_WAF_EMAIL

                                                                                                                        This bundles are not supported:

                                                                                                                        • Standard Protection

                                                                                                                        • Enhanced Support


                                                                                                                        If a bundle is not supported then the customer is not able to use SDWAN because the device will not appear in SDWAN.

                                                                                                                        NR-5313
                                                                                                                        • CM 2.2 2021.04
                                                                                                                          • UI
                                                                                                                          Central Managed firewall display issues seen with more than 50 groups

                                                                                                                          Firewall display issues seen in Central with more than 50 groups.
                                                                                                                          Firewalls in group randomly disappear while managing firewall in Central.
                                                                                                                          If you logout and log back in, or you un-collapse, navigate away and comeback, firewalls are all displayed okay. This is a pure UI issue with scrolling inside an expanded group.

                                                                                                                          Collapsing the group and expanding again will solve this issue.

                                                                                                                          NR-4642
                                                                                                                          • CM 2.1 2020.35
                                                                                                                            • Global Policies
                                                                                                                            Unable to reorder the firewall rule in GROUP Level of Central Management using move button

                                                                                                                            Firewall rule reordering in Sophos Central Management group policy page is not supported.

                                                                                                                             User can reorder the rule in XG Firewall. 

                                                                                                                            NR-2287
                                                                                                                            • CM 2019.30
                                                                                                                              • Dummy
                                                                                                                              When user try to upgrade the firmware after accessing XG Firewall from Sophos Central, it get fail in Sophos Firewall device

                                                                                                                              If the available bandwidth is limited, Firmware upgrades for Sophos firewall devices might fail if triggered via Sophos Central -> login -> Open XG firewall through RP tunnel -> Backup and Firmware -> Upload Firmware

                                                                                                                              Central Firewall Reporting

                                                                                                                              Last updated: 27 Apr 2022 - 16:25:47
                                                                                                                              Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                              NCR-2547
                                                                                                                              • iView 02.00 MR-2 (02.00.0.776)
                                                                                                                                • On Premise Reporting
                                                                                                                                Web-surfing reports

                                                                                                                                Web surfing Reports as PDF with more than 200 entries is not possible. Creating a web surfing report you can only get an output from the first 200 entries in the iview.

                                                                                                                                This is applicable both iview1/iview2.

                                                                                                                                Reason: The reason for this would be that PDF generation with all the records will impact the performance of iview.

                                                                                                                                The only work around would be to generate the detailed report in Excel format. Excel would support upto 100000 entries.

                                                                                                                                MDR

                                                                                                                                Last updated: 02 Dec 2022 - 08:00:14
                                                                                                                                No known issues!

                                                                                                                                Phish Threat

                                                                                                                                Last updated: 15 Jun 2022 - 12:46:30
                                                                                                                                Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                PHISH-7960
                                                                                                                                      Training template Format is not showing correctly on the smartphone

                                                                                                                                      Taking Phish Threat Training via Smart Phones is not currently supported due to format supportability issue.

                                                                                                                                      PHISH-4159
                                                                                                                                      • 3.0 (2018.40)
                                                                                                                                        • backend
                                                                                                                                        Deleted Users repopulate after being removed

                                                                                                                                        If a user is deleted from the Phish Threat Dashboard but repopulate automatically after sometime, this is expected behaviour if a campaign was sent to the user within the last 30 days.
                                                                                                                                        Both v1 and v2 report to Central the usage for the last 30 days, which is based on email addresses that were used as part of a campaign. When a reported email does not exist in Central, a user is created which is expected behaviour.

                                                                                                                                        PHISH-4139
                                                                                                                                        • 3.0 (2018.40)
                                                                                                                                          • Campaigns
                                                                                                                                          Campaigns which don't have a training associated do not work

                                                                                                                                          Creating and sending a Phish Threat Campaign without associated training material results in a 404 page being displayed when the enrollee clicks the link.

                                                                                                                                          This allows a dry run of a campaign to be sent so that the admin can gauge how many of his employees are likely to need training. The admin should be able to check how many of the enrollees opened, and clicked on the email attack. But the enrollee should not see anything else, so they won't get suspicious when the new attack is sent.

                                                                                                                                          PHISH-5317
                                                                                                                                          • Legacy Support
                                                                                                                                          • Legacy Support
                                                                                                                                          • Customer Portal
                                                                                                                                          Macro Script needs to be adjusted to work properly on Mac OS'

                                                                                                                                          The powershell script used to generate the macro within attachment attack documents is not working properly on Mac OS.

                                                                                                                                          PHISH-5879
                                                                                                                                          • 3.0 (2018.40)
                                                                                                                                            • Campaigns
                                                                                                                                            Gsuite Categorizing tracking link as suspicious

                                                                                                                                            The following warning message might show up when clicking on a link within a Phish Threat campaign for G Suite customers with Central accounts in the East region giving users preemptive warnings:

                                                                                                                                            Suspicious link: this link leads to an untrusted site. Are you sure you want to proceed to vk39fk6q.r.eu-west1.awstrack.me?

                                                                                                                                             Unfortunately a request cannot be made to delist from google as it requires proof of ownership. As the links are generated using Amazon services, we cannot supply this. A complete rehaul of Phish Threat will need to be made to change URLs for campaigns.

                                                                                                                                            PHISH-6820
                                                                                                                                            • v2.0
                                                                                                                                              • Campaigns
                                                                                                                                              Microsoft Defender SmartScreen reporting Phish Threat URL as "unsafe"

                                                                                                                                              Microsoft currently provides no effective way for us to monitor and remove domains/URLs from the Microsoft Defender SmartScreen list.

                                                                                                                                              This means that the aforementioned feature is not compatible with our Phish Threat product.

                                                                                                                                              PHISH-7369
                                                                                                                                                  • Campaigns
                                                                                                                                                  • Customer Portal
                                                                                                                                                  Unable to select-all users in enrollment for users due to large number of available users

                                                                                                                                                  The "select all" functionality of the users selection fields in the "New Campaign creation - Enroll users" is limited to the first 40-50 users, unless the admin manually scrolls the user selection scroll box down to load the full user list into the browser and re-clicks the 'select all' function for adding/removing users to the campaign. 

                                                                                                                                                  PHISH-7464
                                                                                                                                                      • Campaigns
                                                                                                                                                      Attachment from Campaign does not render some special characters properly

                                                                                                                                                      The normal workflow for Attachment Campaigns involves the fact that once the attachment has been opened, and the link inside of it activated, the user already failed the campaign - regardless of what's in the document.

                                                                                                                                                      Everything else about the Attachment Campaign should still work fine.

                                                                                                                                                      PHISH-7392
                                                                                                                                                          • Training
                                                                                                                                                          Unable to load the PhishThreat Awareness training from China users

                                                                                                                                                          The following URLs are officially blocked in China.

                                                                                                                                                          https://sophos-phish-threat.go-vip.co/
                                                                                                                                                          https://staysafe.sophos.com

                                                                                                                                                          This means that training content will not work properly.

                                                                                                                                                          The only possible workaround would be for the affected users to use a tunnel-all VPN solution.

                                                                                                                                                          PHISH-4831
                                                                                                                                                              • Campaigns
                                                                                                                                                              Phish thread pushing campaigns to groups

                                                                                                                                                              When using AD sync with Phish Threat you cannot push out campaigns to sub-groups. The user must be a direct member of the group in order to receive the campaign.

                                                                                                                                                              PHISH-4246
                                                                                                                                                              • 3.0 (2018.40)
                                                                                                                                                                • Campaigns
                                                                                                                                                                Central Admin goes super slow when creating campaign with a large number of users at a time

                                                                                                                                                                If a campaign is created with large number of users then there are chances of page gets hang and campaign never gets completed.

                                                                                                                                                                Currently it is recommended to add less than 500 recipients at a time.
                                                                                                                                                                This will be improved in the future.

                                                                                                                                                                PHISH-4002
                                                                                                                                                                • 3.0 (2018.40)
                                                                                                                                                                  • Campaigns
                                                                                                                                                                  Training link returning "Oops, that page can't be found"

                                                                                                                                                                  In rare instances customers may report when sending a training campaign they get presented with a "Oops, that page can't be found" error when clicking the training links.

                                                                                                                                                                  The page may load after refreshing several times. Please wait and try the link again after some time.

                                                                                                                                                                  This scenario can be seen during a web server refresh on the hosting server, normally it takes a couple of minutes to refresh all the training and landing pages - if the link was clicked during that specific refresh time the error will be received.

                                                                                                                                                                  PureMessage for Unix (PMX)

                                                                                                                                                                  Last updated: 28 Apr 2022 - 13:37:54
                                                                                                                                                                  Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                  PMX-765
                                                                                                                                                                  • v6.4.0
                                                                                                                                                                    • User Interface
                                                                                                                                                                    Can't read modified policy script: cannot negate test pmx_delayed_mail

                                                                                                                                                                    An error is display in the policy constructor of the Admin UI

                                                                                                                                                                    Can't read modified policy script: cannot negate test pmx_delayed_mail at /opt/pmx6/lib/site_perl/5.8.7/PureMessage/Manager/Policy.pm line 26

                                                                                                                                                                    The error comes from combining another test with a negated pmx_delayed_mail test.
                                                                                                                                                                    Workaround is to separate the tests into two nested tests

                                                                                                                                                                    Example

                                                                                                                                                                    PMX-236
                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                        The concurrency_limit_action option is ignored when running with the process pool enabled (the default setting)

                                                                                                                                                                        The concurrency_limit_action option is ignored when running with the process pool enabled (the default setting). If the maximum allowed concurrency is reached, handling of subsequent SMTP connections is determined exclusively by the flags set in the INPUT_MAIL_FILTER option in sendmail.mc

                                                                                                                                                                        PMX-248
                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                            Because per-recipient tests split a message into multiple messages, it is possible to scan the same message for spam and viruses more than once

                                                                                                                                                                            Because per-recipient tests split a message into multiple messages (one for each recipient), it is possible to scan the same message for spam and viruses more than once. This puts an unnecessary load on the system. Therefore, it is advisable to perform per-recipient blacklist/whitelist/optout tests before scanning for spam. Also, these tests should have an associated 'stop' action, so that processing does not continue. (The default policy script is an example of the correct configuration.)

                                                                                                                                                                            Per-recipient rules that simply add a header or log some data should be avoided. This will minimize the amount of processing that PureMessage has to do. This is not a problem if no per-recipient tests are used. Per-recipient tests are:

                                                                                                                                                                            • Any tests that employ an end-user list.

                                                                                                                                                                            • The envelope-recipient matching test (envelope ``to'').

                                                                                                                                                                            PMX-278
                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                If the policy.siv file is deleted, the PureMessage Manager's Policy editor does not generate the require "PureMessage" command

                                                                                                                                                                                If the policy.siv file is deleted, the PureMessage Manager's Policy editor does not generate the require "PureMessage" command. The workaround is to click "see the source", and then click on "/opt/pmx/etc/policy.siv", and add the line:

                                                                                                                                                                                require "PureMessage";

                                                                                                                                                                                at the top of the file. (#24992)

                                                                                                                                                                                PMX-292
                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                    When synchronizing publications via the Server Groups tab in the Manager, all subscribed edge servers are synchronized

                                                                                                                                                                                    When synchronizing publications via the Server Groups tab in the Manager, all subscribed edge servers (not just the selected edge server) are synchronized. To synchronize only one edge server, run the following command at the command line while logged in as the PureMessage user:

                                                                                                                                                                                    pmx-share sync -h HOST-NAME -p PUBLICATION_NAME

                                                                                                                                                                                    PMX-294
                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                        PureMessage Manager will indicate that port 28080 is being used for the HTTPD Service

                                                                                                                                                                                        Regardless of whether PureMessage has been configured to use port 28443 (the default) or port 28080 for End User Web Interface and Groups Web Interface access, the Local Services tab of the PureMessage Manager will indicate that port 28080 is being used for the HTTPD (RPC/UI) service

                                                                                                                                                                                        PMX-326
                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                            No support for mail-filtering servers that have different time zone settings In PureMessage

                                                                                                                                                                                            In PureMessage configurations that use centralized quarantine digests, there is currently no support for mail-filtering servers that have different time zone settings. You must set all mail-filtering servers to Greenwich Mean Time (GMT).

                                                                                                                                                                                            PMX-328
                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                View quarantined message bodies when querying the quarantine on the CSM

                                                                                                                                                                                                On multi-server deployments with Filter Role servers (that is, servers performing mail processing and quarantining) and a Central Server Manager (CSM), the Manager pmx-manager must be running on the edge servers in order to view quarantined message bodies when querying the quarantine on the CSM

                                                                                                                                                                                                PMX-332
                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                    If PureMessage is installed without a database server, pmx-qmeta-index may display an error

                                                                                                                                                                                                    If PureMessage is installed without a database server, pmx-qmeta-index may display the following error when run:

                                                                                                                                                                                                    Can't connect( HASH(0x8421378)), no database driver specified and DBI_DSN env var not set at\ /opt/pmx/lib/site_perl/5.6.1/PureMessage/MessageStore/pmdb.pm line 116

                                                                                                                                                                                                    This error means that there is no database available to process the queue

                                                                                                                                                                                                    PMX-338
                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                        If the system has more than 8 GB of memory, pmx-pg-tune does not automatically set the shared buffers

                                                                                                                                                                                                        For PostgreSQL 9.x, the pmx-pg-tune tool analyzes system settings and configures shared memory for PostgreSQL in order to improve database performance. If your system settings are not in the recommended range, this command attempts to make the necessary adjustments. However, if your system has more than 8 GB of memory, pmx-pg-tune does not automatically set the shared buffers. You will have to set these manually. For more information, see "Tuning PostgreSQL for PureMessage" in the Sophos Knowledgebase, or contact Sophos Technical Support.

                                                                                                                                                                                                        PMX-344
                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                            Moving the UI pages to a different host when users already have a valid cached cookie may result in login failure

                                                                                                                                                                                                            End User Web Interface (EUWI) authentication currently favors the value of the initially granted cookie over any login form values. One of the consequences of this is that moving the UI pages to a different host when users already have a valid cached cookie may result in login failure. The only available workaround is to have users clear the offending cookie from their browser cache

                                                                                                                                                                                                            PMX-346
                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                Quarantined messages (50,000 or more) may cause the httpd process to consume excessive amounts of RAM

                                                                                                                                                                                                                A large number of quarantined messages (50,000 or more) may cause the httpd process to consume excessive amounts of RAM that is not released until MaxRequestsPerChild has been exceeded. If this becomes a problem, the workaround is to lower the default value that causes the httpd process to recycle this memory more often

                                                                                                                                                                                                                PMX-362
                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                    Display problems in the PureMessage Groups Web Interface

                                                                                                                                                                                                                    Adjusting the font size setting in your browser may cause display problems in the PureMessage Groups Web Interface

                                                                                                                                                                                                                    PMX-370
                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                        When searching the quarantine via the PureMessage Groups Manager and selecting 500 or 1000 from the Results to Display drop-down list search results are not returned immediately

                                                                                                                                                                                                                        When searching the quarantine via the PureMessage Groups Manager, you can select the number of messages to be displayed per page. When selecting 500 or 1000 from the Results to Display drop-down list, the search results are not returned immediately. During the delay, PureMessage does not display a message indicating that results are being retrieved.

                                                                                                                                                                                                                        PMX-932
                                                                                                                                                                                                                        • v6.4.8
                                                                                                                                                                                                                          • Mail Logs
                                                                                                                                                                                                                          Postfix rejecting mail after upgrade to 6.4.8

                                                                                                                                                                                                                          After upgrading to PMX 6.4.8 some configurations may experience Postfix rejecting mail with the following errors

                                                                                                                                                                                                                          Aug 22 11:12:36 hostname postfix/smtpd[80254]: warning: unknown smtpd restriction: "ignore_policy_error"
                                                                                                                                                                                                                          Aug 22 11:12:36 hostname postfix/smtpd[80254]: NOQUEUE: reject: RCPT from mail.domain.com[1.1.1.1]: 451 4.3.5 Server configuration error; from= to= proto=SMTP helo=

                                                                                                                                                                                                                          This is caused by the following configuration option being present in the _/opt/pmx/postfix/etc/main.cf_ file:

                                                                                                                                                                                                                          smtpd_client_restrictions = ignore_policy_error,check_policy_service inet:[127.0.0.1]:4466

                                                                                                                                                                                                                          To avoid this problem the above line should be replaced with the following 2 lines immediately after upgrade to 6.4.8:

                                                                                                                                                                                                                          smtpd_client_restrictions = check_policy_service inet:[127.0.0.1]:4466
                                                                                                                                                                                                                          smtpd_policy_service_default_action = DUNNO

                                                                                                                                                                                                                          This is caused by the following configuration option being present in the /opt/pmx/postfix/etc/main.cf file:

                                                                                                                                                                                                                          smtpd_client_restrictions = ignore_policy_error,check_policy_service inet:[127.0.0.1]:4466

                                                                                                                                                                                                                          To avoid this problem the above line should be replaced with the following 2 lines immediately after upgrade to 6.4.8:

                                                                                                                                                                                                                          smtpd_client_restrictions = check_policy_service inet:[127.0.0.1]:4466
                                                                                                                                                                                                                          smtpd_policy_service_default_action = DUNNO

                                                                                                                                                                                                                          PMX-936
                                                                                                                                                                                                                          • v6.4.6
                                                                                                                                                                                                                            • User Interface
                                                                                                                                                                                                                            Large list files may not display in the GUI when using RHEL7

                                                                                                                                                                                                                            When running PMX on RHEL7 large list files ( > 58215 entries) may not display in the management GUI

                                                                                                                                                                                                                            All the entries are still processed successfully by the mail filters however. 

                                                                                                                                                                                                                            Our recommendation is to always convert any lists that contain more than 5000 entries to a CDB file (rather than plain text list). Doing this will also resolve this issue and allow the list to display in the GUI

                                                                                                                                                                                                                            PMX-952
                                                                                                                                                                                                                            • v6.4.9
                                                                                                                                                                                                                                Admin UI Users can not be disabled

                                                                                                                                                                                                                                A user created in the Admin UI for the Admin UI can not be disabled.

                                                                                                                                                                                                                                Change the password so that the user cannot log in anymore

                                                                                                                                                                                                                                PMX-911
                                                                                                                                                                                                                                • v6.2.2
                                                                                                                                                                                                                                  • UNKNOWN
                                                                                                                                                                                                                                  searches for pmx_reason names with underscores returns no results

                                                                                                                                                                                                                                  Doing a search on a custom log reason containing an underscore in it, displays "no result".

                                                                                                                                                                                                                                  This is by design as the underscore is the replacement character for the space. The system can not tell the difference between a natural underscore and a replaced space.

                                                                                                                                                                                                                                  PMX-907
                                                                                                                                                                                                                                  • v6.4.6
                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                    %%PMX_VERSION%% Template not showing the correct SAVI Version

                                                                                                                                                                                                                                    The PMX_VERSION template is updated on an AntiSpam Database reload and a restart of the milter.
                                                                                                                                                                                                                                    This results in the Antispam Version being current, and the AntiVirus version being that of the last restart of the milter.

                                                                                                                                                                                                                                    PMX-897
                                                                                                                                                                                                                                    • v6.4.5
                                                                                                                                                                                                                                        SPF support macros

                                                                                                                                                                                                                                        Does PMX 6.x supports macros[1] in spf

                                                                                                                                                                                                                                        For example this SPF: “v=spf1 include:domain.com._nspf.XXXX.email include:%{i}._ip.%{h}._ehlo.%{d}._spf.xxxx.email ~all”

                                                                                                                                                                                                                                        Would that be successfully interpreted and resolved on a standard PMX installation.

                                                                                                                                                                                                                                        Yes anti-spam engine supports SPF macros

                                                                                                                                                                                                                                        PMX-843
                                                                                                                                                                                                                                        • v6.3.3
                                                                                                                                                                                                                                          • Build
                                                                                                                                                                                                                                          Milter rejects 452 too many recipients

                                                                                                                                                                                                                                          Milter rejects messages returning error 452 too many recipients when setting the _default_destination_recipient_limit to 1050

                                                                                                                                                                                                                                          smtpd_recipient_limit
                                                                                                                                                                                                                                          is the max number of recipients postfix accepts in an email

                                                                                                                                                                                                                                          default_destination_recipient_limit
                                                                                                                                                                                                                                          is the max number of recipients postfix will send a message to before splitting it

                                                                                                                                                                                                                                          the milter accepts a maximum number of 100 recipients, so a message of 1000 recipients into postfix will be split into 20 messages before being forwarded to the milter.

                                                                                                                                                                                                                                          Changing those values is dangerous as some sites will assume that a "properly configured postfix" will not send more than 50 recipients in one single mail.

                                                                                                                                                                                                                                          Logging/File Details

                                                                                                                                                                                                                                          Mar  8 18:15:49 scmx011cto postfix/smtp[31885]: 791723AA201: to=, relay=127.0.0.1[127.0.0.1]:10025, delay=695, delays=695/0/0/0.59, dsn=4.0.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 452 too many recipients (in reply to RCPT TO command))

                                                                                                                                                                                                                                          PMX-764
                                                                                                                                                                                                                                          • v6.4.0
                                                                                                                                                                                                                                            • User Interface
                                                                                                                                                                                                                                            Redis not showing as service on the local services page

                                                                                                                                                                                                                                            The status of the historian is not displayed on the Local services Page.

                                                                                                                                                                                                                                            PMX-226
                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                Overriding log_to in a milter section of pmx.conf does not work

                                                                                                                                                                                                                                                Overriding log_to in a milter section of pmx.conf does not work. The top-level setting is always used

                                                                                                                                                                                                                                                PMX-306
                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                    Unless you have adjusted the settings of either _pmx-qindex_ or _pmx-queue-run_, these scheduled jobs will no longer be displayed in the list of jobs on the *Local Services* tab

                                                                                                                                                                                                                                                    Unless you have adjusted the settings of either pmx-qindex or pmx-queue-run, these scheduled jobs will no longer be displayed in the list of jobs on the Local Services tab upon upgrade to PureMessage 5.5 or later. They have been replaced by the Queue Runner service

                                                                                                                                                                                                                                                    PMX-246
                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                        Per-recipient tests have significant overhead

                                                                                                                                                                                                                                                        Per-recipient tests have significant overhead. Therefore, adding many per-recipient tests to the policy script may degrade performance. It is advisable to minimize the number of per-recipient tests to optimize throughput

                                                                                                                                                                                                                                                        PMX-240
                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                            Template variables are not evaluated in tests that do matching

                                                                                                                                                                                                                                                            Template variables are not evaluated in tests that do matching. Any test that takes a MATCH-TYPE argument (such as, 'is', 'contains', 'matches', 'memberof') does not expand templates in the match expression, since this expression is compiled at startup time

                                                                                                                                                                                                                                                            PMX-410
                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                Certain operating systems, such Debian and SUSE, specify more than one "127" IP address in /etc/hosts

                                                                                                                                                                                                                                                                Certain operating systems, such Debian and SUSE, specify more than one "127" IP address in /etc/hosts (for example, 127.0.0.1., 127.0.1.1 and 127.0.0.2). Since some PureMessage functions depend on a certain internal host setting, you should make sure that _/etc/hosts _contains the same "127" addresses as /opt/pmx6/etc/internal-hosts

                                                                                                                                                                                                                                                                PMX-408
                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                    Some PureMessage updates are extracted into your system's /tmp directory

                                                                                                                                                                                                                                                                    Some PureMessage updates are extracted into your system's /tmp directory. It is therefore important to control the size of this directory through appropriate system maintenance to avoid consuming excessive disk space

                                                                                                                                                                                                                                                                    PMX-406
                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                        Shifting to and from Daylight Saving Time (DST) creates a gap in PureMessage reports and causes errors to be logged

                                                                                                                                                                                                                                                                        Shifting to and from Daylight Saving Time (DST) creates a gap in PureMessage reports and causes errors to be logged. For complete details on the impact of DST, see the Sophos Knowledgebase entry 23877:
                                                                                                                                                                                                                                                                        https://www.sophos.com/en-us/support/knowledgebase/23877.aspx

                                                                                                                                                                                                                                                                        PMX-404
                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                            The pmx-quarantine reindex --forget-old command does not operate properly

                                                                                                                                                                                                                                                                            The pmx-quarantine reindex --forget-old command, which schedules cleanup of index entries that correspond to removed messages, does not operate properly. This command is not normally required, as the expired messages are automatically scheduled for removal. In cases when this functionality is needed, the workaround is to use the pmx-quarantine reindex --purge command, which purges the existing indexes and schedules existing messages for re-indexing. Note that the subsequent invocation of pmx-qmeta-index may result in re-indexing of the entire quarantine and may take a long time for large quarantines

                                                                                                                                                                                                                                                                            PMX-402
                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                The pmx-qman utility currently does not enforce exclusive access to the message quarantine

                                                                                                                                                                                                                                                                                The pmx-qman utility currently does not enforce exclusive access to the message quarantine. This may result in errors when running multiple instances of this program on the same mail-processing host. For example, an attempt to approve messages by a second instance of pmx-qman may fail if the messages have been deleted by a first instance

                                                                                                                                                                                                                                                                                PMX-400
                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                    The pmx-quarantine and pmx-quarantine list commands only work on the cur and trash folders

                                                                                                                                                                                                                                                                                    The pmx-quarantine count [folder] and pmx-quarantine list [folder] commands only work on the cur and trash folders. Use operating system commands to examine the contents of other quarantine folders

                                                                                                                                                                                                                                                                                    PMX-398
                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                        The cantscan.tmpl and approve-failure.tmpl templates include technical reasons that have not been translated

                                                                                                                                                                                                                                                                                        The cantscan.tmpl and approve-failure.tmpl templates include technical reasons that have not been translated

                                                                                                                                                                                                                                                                                        PMX-396
                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                            When using the --earliest option with pmx-qdigest, the timestamp option value must be enclosed in quotes

                                                                                                                                                                                                                                                                                            When using the --earliest option with pmx-qdigest, the timestamp option value must be enclosed in quotes. Otherwise, only the first part of the option value (the date) is used as the timestamp, instead of both the date and the time

                                                                                                                                                                                                                                                                                            PMX-394
                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                If a digest template file is missing during digest generation, subsequent digests may include messages that were included in previous digests

                                                                                                                                                                                                                                                                                                If a digest template file is missing during digest generation, subsequent digests may include messages that were included in previous digests. When a digest template is missing, the digest program does not save the identifiers of messages as they are scanned. Therefore, when the digest is re-run (after fixing the missing template), messages are re-scanned. Aside from the duplicate digest entries, there is no other operational impact

                                                                                                                                                                                                                                                                                                PMX-392
                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                    If non-ASCII characters are present in the digest, the digest fields may not be aligned correctly

                                                                                                                                                                                                                                                                                                    If non-ASCII (specifically multi-byte UTF-8) characters are present in the digest, the digest fields may not be aligned correctly. This problem is only seen in the text/plain parts of the digests

                                                                                                                                                                                                                                                                                                    PMX-390
                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                        When pmx-qdigest is run in centralized mode, it only scans messages that have been indexed by pmx-qmeta-index

                                                                                                                                                                                                                                                                                                        When pmx-qdigest is run in centralized mode, it only scans messages that have been indexed by pmx-qmeta-index. This is because the centralized digest works with metadata stored in the centralized (DBMS-based) quarantine; pmx-qmeta-index inserts this metadata into the centralized quarantine. This behavior varies from that of pmx-qdigest when run in local mode, which is able to scan all messages that have been processed by pmx-qindex (that is, those that exist in the filesystem-based quarantine on the server that's running the pmx-digest program)

                                                                                                                                                                                                                                                                                                        PMX-388
                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                            Memory usage is incorrectly reported by pmx status and ps

                                                                                                                                                                                                                                                                                                            Memory usage is incorrectly reported by pmx status and ps. Memory used for blocklist data is no longer reported in vmsize of the parent pmx-milter process (which is correct), but the vsz for each individual pooled process includes memory that is actually shared between all pooled processes

                                                                                                                                                                                                                                                                                                            PMX-386
                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                Big5-HKSCS is wrongly interpreted as Big5

                                                                                                                                                                                                                                                                                                                Big5-HKSCS is wrongly interpreted as Big5

                                                                                                                                                                                                                                                                                                                PMX-384
                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                    Adding a Japanese word to the suspect attachment list may not trigger when the word is in the body of the message

                                                                                                                                                                                                                                                                                                                    Adding a Japanese word to the suspect attachment list may not trigger when the word is in the body of the message. This is only the case if you use \b in the regular expression, as the UTF-8 support does not handle word boundaries well

                                                                                                                                                                                                                                                                                                                    PMX-382
                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                        The 'Blocked' field in the table view of the 'Messages Blocked by the Policy' report does not display correctly if pmx_blocklist is not in the PureMessage policy

                                                                                                                                                                                                                                                                                                                        The 'Blocked' field in the table view of the 'Messages Blocked by the Policy' report does not display correctly if pmx_blocklist is not in the PureMessage policy

                                                                                                                                                                                                                                                                                                                        PMX-380
                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                            MTA-level and Policy-level blocking reports display an invalid total count in multi-server deployments

                                                                                                                                                                                                                                                                                                                            MTA-level and Policy-level blocking reports display an invalid total count in multi-server deployments

                                                                                                                                                                                                                                                                                                                            PMX-378
                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                When creating a policy setting for the Groups Web Interface using the pmx-group-policy command, only lowercase characters are allowed

                                                                                                                                                                                                                                                                                                                                When creating a policy setting for the Groups Web Interface using the pmx-group-policy bcommand, the value specified with the --id option must contain all lowercase characters (for example --id policy_id and not --id Policy_ID). If the ID contains any uppercase characters, clicking the associated policy option check box in the Groups Web Interface results in an "invalid permission" message

                                                                                                                                                                                                                                                                                                                                PMX-376
                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                    When you create a group list using the pmx-group-list command, the wrong list name is added to the lists selection drop-down in the Policy Constructor

                                                                                                                                                                                                                                                                                                                                    When you create a group list using the pmx-group-list command, the wrong list name is added to the lists selection drop-down in the Policy Constructor. The group-specific list should use the name specified with the --name option. Instead, it uses the text specified with the --description option

                                                                                                                                                                                                                                                                                                                                    PMX-374
                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                        Even if a group administrator has not been granted permission for the Save button in the Message Details dialog box, the button is always visible

                                                                                                                                                                                                                                                                                                                                        Even if a group administrator has not been granted permission for the Save button in the Message Details dialog box, the button is always visible. If permission for this button has not been granted, clicking it will have no effect. The same is true of the Forward button that appears at the bottom of each Search Results page

                                                                                                                                                                                                                                                                                                                                        PMX-372
                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                            clicking the Delete All button on the quarantine Search Results page does not cause the status icon to immediately turn red

                                                                                                                                                                                                                                                                                                                                            Under certain conditions, clicking the Delete All button on the quarantine Search Results page does not cause the status icon to immediately turn red. Refresh the page to update the status

                                                                                                                                                                                                                                                                                                                                            PMX-368
                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                The page count displayed with the paging controls at the top right of the Search Results page is only approximate

                                                                                                                                                                                                                                                                                                                                                The page count displayed with the paging controls at the top right of the Search Results page (for example, 1 of 49) is only approximate. For instance, clicking the >> button may not display the last page of results, or it may display a blank page that is beyond what is actually the last page.

                                                                                                                                                                                                                                                                                                                                                PMX-366
                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                    Subject and Relay text boxes of the Search Parameters sidebar are case-sensitive

                                                                                                                                                                                                                                                                                                                                                    Search strings entered in the Subject and Relay text boxes of the Search Parameters sidebar are case-sensitive

                                                                                                                                                                                                                                                                                                                                                    PMX-364
                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                        Date Range of the Report Parameters musst be spelled with two zeros after the hour value

                                                                                                                                                                                                                                                                                                                                                        When entering the hour portion of start or end time in the date range fields of the Report Parameters sidebar, you must add two zeros after the hour value in order to return the correct results. For example enter "23:00", not "23". Other irregularities with the date range fields have also been experienced

                                                                                                                                                                                                                                                                                                                                                        PMX-360
                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                            Input validation is not strictly enforced for the text boxes

                                                                                                                                                                                                                                                                                                                                                            Input validation is not strictly enforced for the text boxes on the Search Parameters and Report Parameters sidebars

                                                                                                                                                                                                                                                                                                                                                            PMX-358
                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                Pages in the Message Details dialog box may load slowly

                                                                                                                                                                                                                                                                                                                                                                Pages in the Message Details dialog box may load slowly if the associated message has a large attachment

                                                                                                                                                                                                                                                                                                                                                                PMX-356
                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                    The EUWI treats the quarantine reason as mixed case, while the manager and digest do not

                                                                                                                                                                                                                                                                                                                                                                    The EUWI treats the quarantine reason as mixed case, while the manager and digest do not. For example, if you quarantine a message for the reason "MiXeDcAsE" it will show up in the manager UI and the digest as "mixedcase" and will not show up in the EUWI. To resolve this, change all End User Options "Quarantine Reasons" to lower case and restart the HTTPD process

                                                                                                                                                                                                                                                                                                                                                                    PMX-354
                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                        Messages deleted from the quarantine via the Manager or command line are still accessible via the EUWI

                                                                                                                                                                                                                                                                                                                                                                        Messages deleted from the quarantine via the Manager or command line are still accessible via the EUWI

                                                                                                                                                                                                                                                                                                                                                                        PMX-352
                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                            When the EUWI is configured to display in French, the date order on the Options page is incorrect

                                                                                                                                                                                                                                                                                                                                                                            When the EUWI is configured to display in French, the date order on the Options page is incorrect

                                                                                                                                                                                                                                                                                                                                                                            PMX-350
                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                End users may experience an HTTPD error instead of a well-formatted error message when critical RPC errors occur

                                                                                                                                                                                                                                                                                                                                                                                End users may experience an HTTPD error instead of a well-formatted error message when critical RPC errors occur. If this occurs, examine the rpc_error.log file to determine the root cause of the error and correct it.

                                                                                                                                                                                                                                                                                                                                                                                PMX-348
                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                    The EUWI pages sometimes display errors in English instead of in the localized language

                                                                                                                                                                                                                                                                                                                                                                                    The EUWI pages sometimes display errors in English instead of in the localized language

                                                                                                                                                                                                                                                                                                                                                                                    PMX-342
                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                        The user preference settings are currently not synchronized by default

                                                                                                                                                                                                                                                                                                                                                                                        The user preference settings are currently not synchronized by default. The workaround is to use Server Groups to publish these settings.
                                                                                                                                                                                                                                                                                                                                                                                        The following steps enable publication of user preference settings from the primary server:

                                                                                                                                                                                                                                                                                                                                                                                        • Via PureMessage Manager, click the Server Groups tab.

                                                                                                                                                                                                                                                                                                                                                                                        • Click the User-Preferences publication and subscribe all auxiliary servers you want to receive this publication.

                                                                                                                                                                                                                                                                                                                                                                                        • Click the Local Services tab.

                                                                                                                                                                                                                                                                                                                                                                                        • Under Scheduled Services, click Add New.

                                                                                                                                                                                                                                                                                                                                                                                        • Fill in the following fields:
                                                                                                                                                                                                                                                                                                                                                                                          Command: pmx-share sync -p User-Preferences >/dev/null
                                                                                                                                                                                                                                                                                                                                                                                          Description: synchronize user preference settings
                                                                                                                                                                                                                                                                                                                                                                                          Enabled: [checked]


                                                                                                                                                                                                                                                                                                                                                                                        Schedule
                                                                                                                                                                                                                                                                                                                                                                                        Hour: Any
                                                                                                                                                                                                                                                                                                                                                                                        Minutes: 05
                                                                                                                                                                                                                                                                                                                                                                                        Month: Any
                                                                                                                                                                                                                                                                                                                                                                                        Day: Any
                                                                                                                                                                                                                                                                                                                                                                                        Week Day: Any

                                                                                                                                                                                                                                                                                                                                                                                        Or:

                                                                                                                                                                                                                                                                                                                                                                                        • Via a login shell, login as the pmx user.

                                                                                                                                                                                                                                                                                                                                                                                        • Run the pmx-share command to add auxiliary servers to the User-Preferences publication:
                                                                                                                                                                                                                                                                                                                                                                                          pmx-share add -p User-Preferences -h

                                                                                                                                                                                                                                                                                                                                                                                        • Add a configuration file to /opt/pmx/etc/scheduler.d called pmx-share.conf that contains the following lines:

                                                                                                                                                                                                                                                                                                                                                                                        Synchronize user preference settings

                                                                                                                                                                                                                                                                                                                                                                                        desc = "Sync user prefs"
                                                                                                                                                                                                                                                                                                                                                                                        type = exec
                                                                                                                                                                                                                                                                                                                                                                                        enabled = 1
                                                                                                                                                                                                                                                                                                                                                                                        action = 'pmx-share sync -p User-Preferences >/dev/null'

                                                                                                                                                                                                                                                                                                                                                                                        s = 0
                                                                                                                                                                                                                                                                                                                                                                                        m = 5
                                                                                                                                                                                                                                                                                                                                                                                        h = *
                                                                                                                                                                                                                                                                                                                                                                                        md = *
                                                                                                                                                                                                                                                                                                                                                                                        mo = *
                                                                                                                                                                                                                                                                                                                                                                                        wd = *

                                                                                                                                                                                                                                                                                                                                                                                        PMX-340
                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                            Duplicate entry for Chinese in the Default Language drop list under Quarantine > Configure End User Features

                                                                                                                                                                                                                                                                                                                                                                                            Customers who have manually configured support for Chinese in the End User Web Interface (EUWI) may see a duplicate entry for Chinese in the Default Language drop list under Quarantine > Configure End User Features . To prevent this, remove the file named tw from the /opt/pmx/etc/manager/lang/installed/ directory, and change to the new Traditional Chinese language package with the following command:

                                                                                                                                                                                                                                                                                                                                                                                            pmx-config language cht

                                                                                                                                                                                                                                                                                                                                                                                            PMX-336
                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                pmx-policy inject fails with an error when used with centralized quarantine

                                                                                                                                                                                                                                                                                                                                                                                                pmx-policy inject fails with an error ("Queries using field 'm_pmx_test' for retrieval are not supported in pmdb message sets") when used with centralized quarantine. For testing the policy use the_ -dry-run_ option. This option uses an alternative message-store that does not interfere with the centralized quarantine

                                                                                                                                                                                                                                                                                                                                                                                                PMX-334
                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                    The PureMessage-PostgreSQL install fails if another process has bound the port that PostgreSQL uses

                                                                                                                                                                                                                                                                                                                                                                                                    The PureMessage-PostgreSQL install fails if another process has bound the port that PostgreSQL uses (TCP port 5432 by default). Either stop the other process or change the port PostgreSQL uses. The pg.log file in the _postgres/ _directory will contain either:

                                                                                                                                                                                                                                                                                                                                                                                                    LOG: could not bind Unix socket: Address already in use
                                                                                                                                                                                                                                                                                                                                                                                                    or
                                                                                                                                                                                                                                                                                                                                                                                                    LOG: could not bind IPv4 socket: Address already in use

                                                                                                                                                                                                                                                                                                                                                                                                    if PostgreSQL failed to bind to its port

                                                                                                                                                                                                                                                                                                                                                                                                    PMX-330
                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                        The size of the quarantine database may double during the upgrade

                                                                                                                                                                                                                                                                                                                                                                                                        When upgrading a PostgreSQL-based quarantine server, make sure you have plenty of free hard drive space; the size of the quarantine database may double during the upgrade

                                                                                                                                                                                                                                                                                                                                                                                                        PMX-324
                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                            pmx-pg-switch command is failing

                                                                                                                                                                                                                                                                                                                                                                                                            The /opt/pmx/postgres location must be on the same device as the base PureMessage installation, or the pmx-pg-switch command will fail

                                                                                                                                                                                                                                                                                                                                                                                                            PMX-322
                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                Uninstall does not restore the old MTA if you let the PureMessage-Sendmail installer "override existing sendmail"

                                                                                                                                                                                                                                                                                                                                                                                                                Uninstall does not restore the old MTA if you let the PureMessage-Sendmail installer "override existing sendmail". The workaround is to delete the stale symlinks manually and move the *.save files back after uninstalling PureMessage. This should not be a problem on systems with update-alternatives

                                                                                                                                                                                                                                                                                                                                                                                                                PMX-320
                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                    Uninstall does not clean up the PureMessage user's mailbox on Solaris

                                                                                                                                                                                                                                                                                                                                                                                                                    Uninstall does not clean up the PureMessage user's mailbox on Solaris. The /var/spool/mail/ directories can be manually removed after uninstalling PureMessage-Sendmail

                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-318
                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                        If PureMessage-Sendmail is installed under /opt on Solaris it may display an error message when the /opt directory is group writable

                                                                                                                                                                                                                                                                                                                                                                                                                        If PureMessage-Sendmail is installed under /opt on Solaris it may display an error message when the /opt directory is group writable. The workaround is to add this line to the sendmail.mc file:

                                                                                                                                                                                                                                                                                                                                                                                                                        define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSafe')

                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-316
                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                            Postfix and sendmail are not automatically shut down by pmx-setup

                                                                                                                                                                                                                                                                                                                                                                                                                            Postfix and sendmail are not automatically shut down by pmx-setup. The MTA must be stopped manually before upgrading Postfix or sendmail components and restarted after the upgrade is complete

                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-312
                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                Sendmail can cause errors with QueueRunner.pm if resolving the senders domain takes a long time

                                                                                                                                                                                                                                                                                                                                                                                                                                Sendmail can cause errors with QueueRunner.pm if resolving the senders domain takes a long time. To resolve the issue, add the following to backend.mc

                                                                                                                                                                                                                                                                                                                                                                                                                                _define( confDONT_EXPAND_CNAMES', True')
                                                                                                                                                                                                                                                                                                                                                                                                                                FEATURE(nocanonify)
                                                                                                                                                                                                                                                                                                                                                                                                                                (SUG51169)._

                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-314
                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                    For systems using Oracle Communications Messaging Exchange Server, mail transfer agent upgrades must be performed as the root user from the command line

                                                                                                                                                                                                                                                                                                                                                                                                                                    For systems using Oracle Communications Messaging Exchange Server, mail transfer agent upgrades must be performed as the root user from the command line. These packages cannot be upgraded from the Manager interface

                                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-310
                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                        If logsearch recovery indexing is interrupted before completion and logsearch indexing restarts indexing will skip archived logs

                                                                                                                                                                                                                                                                                                                                                                                                                                        If logsearch recovery indexing is interrupted before completion and logsearch indexing restarts (pmx-logsearch-index start), indexing will skip archived logs if the daemon detects that it is more than 60 MB behind. Logsearch recovery must continue until done

                                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-308
                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                            it is possible to adjust the Scheduler so that PureMessage data updates from Sophos run less frequently than every five minutes

                                                                                                                                                                                                                                                                                                                                                                                                                                            Although it is not recommended, it is possible to adjust the Scheduler so that PureMessage data updates from Sophos run less frequently than every five minutes. Furthermore, selecting only a single value in any of the scheduling scroll boxes causes the timing of the scheduled update job to be randomized.

                                                                                                                                                                                                                                                                                                                                                                                                                                            The intervals set at the smallest increment take precedence over larger increments. So, for example, if you create intervals under Minutes but not under Seconds, the seconds are randomized.

                                                                                                                                                                                                                                                                                                                                                                                                                                            This degree of randomization ensures that multiple processes do not start at the same time, reducing the chances of a load spike. It also reduces the likelihood of a network load spike caused by data downloads that occur at the same time

                                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-304
                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                The pmx-queue run scheduled job uses the same configuration file as the Queue Runner background service

                                                                                                                                                                                                                                                                                                                                                                                                                                                The pmx-queue run scheduled job uses the same configuration file (/opt/pmx/etc/queuerunner.conf) as the Queue Runner background service. This could cause unexpected results when running pmx-queue run manually.

                                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-302
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                    If you are running PureMessage behind a proxy server, the _pmx-mlog-stats_ scheduled job will not be able to send statistical feedback to Sophos

                                                                                                                                                                                                                                                                                                                                                                                                                                                    If you are running PureMessage behind a proxy server, the pmx-mlog-stats scheduled job will not be able to send statistical feedback to Sophos

                                                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-300
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                        The PureMessage Manager will allow you to create a scheduled job that is invalid without issuing a warning

                                                                                                                                                                                                                                                                                                                                                                                                                                                        The PureMessage Manager will allow you to create a scheduled job that is invalid without issuing a warning. For instance, if you were to create a scheduled job for pmx-release (which is invalid) instead of pmx-qrelease, there will be no warning in the Manager or in the logs.

                                                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-298
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                            If there are no scheduled jobs on the system the Scheduler service will not start up

                                                                                                                                                                                                                                                                                                                                                                                                                                                            If there are no scheduled jobs on the system (this is very rare, since all of the PureMessage roles come with scheduled jobs), the Scheduler service will not start up; instead of starting, it will exit silently

                                                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-296
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                Text on the MTA IP Blocking page of the Local Services tab incorrectly instructs you to start the Blocker Service after enabling IP blocking

                                                                                                                                                                                                                                                                                                                                                                                                                                                                Text on the MTA IP Blocking page of the Local Services tab incorrectly instructs you to start the Blocker Service after enabling IP blocking. Instead, when prompted, you must restart both your mail transfer agent and the Scheduler Service

                                                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-290
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In the Manager's Policy Constructor, clicking on Add main rule or Add rule anywhere adds a new rule, even if the user clicks Cancel

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In the Manager's Policy Constructor, clicking on Add main rule or Add rule anywhere adds a new rule, even if the user clicks Cancel. If this happens, the new rule can easily be deleted by clicking on the rule and then clicking Delete

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-288
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Characters outside the ASCII range are currently not considered to be "word" characters, which has significance when attempting to match the \w and \b escapes within regular expressions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Characters outside the ASCII range are currently not considered to be "word" characters, which has significance when attempting to match the \w and \b escapes within regular expressions. This should be considered particularly carefully when writing regular expressions that may be used to match against data containing accented characters common in non-English languages

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-286
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            An administrator must manually enter list/map IDs in the Policy Constructor for the _pmx_notify_ and _pmx_map_recipient_ actions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            An administrator must manually enter list/map IDs in the Policy Constructor for the pmx_notify and pmx_map_recipient actions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Errors may occur when two or more administrators edit the policy file at the same time

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Errors may occur when two or more administrators edit the policy file at the same time

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-282
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The Manager's Policy Constructor does not preserve comments in the policy script that are attached to commands

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The Manager's Policy Constructor does not preserve comments in the policy script that are attached to commands; it only preserves comments attached to rules ('if' or 'elsif' statements). The workaround is to only attach comments to rules if you want to use the Policy Constructor.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Also, a command effectively becomes a rule when enclosed in an "if true" block:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    if true {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    command;
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The ordering of the policy actions can be misleading in the PureMessage Manager's Policy Constructor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The ordering of the policy actions can be misleading in the PureMessage Manager's Policy Constructor. New actions are added at the end of the rule, but the Policy Constructor always displays them before all nested rules. You can see the true order by viewing the source of the script

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Existing publications may no longer work after upgrading

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Existing publications may no longer work after upgrading. The location of some support/configuration files are modified, but publications are not automatically migrated to use these new locations. The workaround is to delete and then recreate all affected publications

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-274
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PureMessage Manager user account names are limited to ASCII letters and numbers

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PureMessage Manager user account names are limited to ASCII letters and numbers

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-272
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The "Send Support Request" page in PureMessage Manager generates messages that will be sent via the server configured by the _mail_sender_ option

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The "Send Support Request" page in PureMessage Manager generates messages that will be sent via the server configured by the mail_sender option. If that server runs PureMessage, the request is subject to spam checks and may be quarantined. One workaround for this is to configure the mail_sender option to point to an internal mail server that does not run PureMessage. Another is to add the sender address for such messages to the whitelist

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-270
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        There is no way to select an LDAP list to be added to the policy publication

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        There is no way to select an LDAP list to be added to the policy publication. As a workaround, manually copy the lists.conf entry to each edge server

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-268
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            When adding or editing custom anti-spam rules, the pop-up dialog that displays a description of the message parts does not paste the selected part into the Policy Constructor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            When adding or editing custom anti-spam rules, the pop-up dialog that displays a description of the message parts does not paste the selected part into the Policy Constructor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-266
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The PureMessage Manager reports that changes to CDB lists will take effect in 1 minute but the changes do not take effect

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The PureMessage Manager reports that changes to CDB lists will take effect in 1 minute. These changes to not actually take effect until the pmx-makemap command is run

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-264
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The redirect policy action does not work with multiple recipients

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The redirect policy action does not work with multiple recipients

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-262
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        When modifying the PureMessage policy by editing the Sieve code directly it is not recommended that the attachment-specific tests be combined using or , as these may produce unexpected results

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        When modifying the PureMessage policy by editing the Sieve code directly, it is not recommended that the attachment-specific tests (pmx_attachment_name, pmx_attachment_size, pmx_attachment_type, and pmx_suspect_attachment) be combined using or , as these may produce unexpected results. This type of modification is not permitted via the Policy Constructor in the PureMessage Manager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Non-ASCII characters are not permitted in the ID fields of lists, maps, and per-recipient lists

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Non-ASCII characters are not permitted in the ID fields of lists, maps, and per-recipient lists

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-258
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The pmx_add_header and pmx_replace_header actions allow non-ASCII characters to be entered into header names

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The pmx_add_header and pmx_replace_header actions allow non-ASCII characters to be entered into header names, but doing so violates RFC 2822 (which prescribes internet message format), and could cause loss of data. The workaround is to not use non-ASCII characters in the header-name parameters passed to these actions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-256
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If pmx_replace_body, pmx_notify and pmx_add_banner are passed verbatim data from the Sieve script, these actions add the data with non-ASCII characters encoded with UTF-8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If pmx_replace_body, pmx_notify and pmx_add_banner are passed verbatim data from the Sieve script (rather than being passed a filename), these actions add the data with non-ASCII characters encoded with UTF-8. The workaround is to always pass a filename to these actions - the contents of the file can be in any character set

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-254
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Non-ASCII custom marks are not supported in PureMessage

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Non-ASCII custom marks (using the pmx_mark and_ pmx_mark1_ actions) are not supported in PureMessage. They will not show up in the PureMessage Manager Policy Hit Report

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Non-ASCII characters are not supported in the "Quarantine Reason"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Non-ASCII characters are not supported in the "Quarantine Reason" parameter passed to the pmx_quarantine and pmx_file actions.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-250
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The pmx-policy inject and qinject commands cannot be used with the centralized quarantine

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The pmx-policy inject and qinject commands cannot be used with the centralized quarantine. For the purpose of testing changes to the policy script, use the --dry-run option with pmx-policy inject, or use the 'Policy Test' interface in the Manager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-244
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If a per-user list and a regular list have the same name, PureMessage will always quietly select the regular list rather than the per-user list with the same name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If a per-user list and a regular list have the same name, PureMessage will always quietly select the regular list rather than the per-user list with the same name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-242
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The pmx_map_recipients policy action does not affect the per-user preferences applied to a message

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The pmx_map_recipients policy action does not affect the per-user preferences applied to a message. The per-user preference for the original recipient is used, rather than the preferences for the mapped recipient. The workaround is to use the recipient-aliases map. The pmx_map_recipients action should only be used to change the message recipient

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-238
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The pmx-store-expire script does not remove stale mset/* files

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The pmx-store-expire script does not remove stale mset/* files. These files can be manually removed if they have not been accessed for some days

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-234
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The quarantine report collector can take a long time on large quarantines

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The quarantine report collector can take a long time on large quarantines. This can lead to missing data for some time periods because the execution of report collectors cannot overlap. It is possible to alter the report collector's scheduled job so that it runs less frequently (for example, every other hour) to keep the information gaps consistent. The report collector can also be configured to skip scanning the quarantine (thereby not generating quarantine reports) by setting the --collector command-line option to MessageLog

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-232
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PureMessage's Log Search Index service does not index messages that have been generated by the pmx-test command

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PureMessage's Log Search Index service, which allows for faster log searches when using the search functionality in the Groups Web Interface, does not index messages that have been generated by the pmx-test command

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PMX-230
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Test messages generated by the pmx-test program are included in reports

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Test messages generated by the pmx-test program are included in reports. This can make the reports less useful, especially if load tests were performed (as they generate thousands of test messages)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PMX-228
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            List IDs (such as the 'whitelisted-hosts' list) are limited to ASCII characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            List IDs (such as the 'whitelisted-hosts' list) are limited to ASCII characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PMX-224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                A machine that only has the EUWI role installed will issue warnings at startup

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Links to pmx-queue-runner are incorrectly installed in the /opt/pmx/etc/init.d directory if you install only the EUWI role

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PMX-206
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • v6.3.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PMX not installing with locale not english

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PureMessage Unix will not properly install if the locale is not set to english.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PMX-222
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Issue downloading the latest installer during upgrade

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When upgrading to the latest version of PureMessage, you may be prompted to retrieve the newest version of the PureMessage installation/upgrade program. This could result in the following error:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Error during ppm install of pmx-setup at\ /PerlApp/PureMessage/Install.pm line 1134.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If this occurs, run pmx-setup a second time, and choose "yes" again when prompted to upgrade pmx-setup itself.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PMX-220
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Different usernames within a Puremessage Unix installation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The PureMessage user needs to have the same username on each server in your deployment. If you need to support different usernames across servers, execute the following command on the machine that includes the Database Server role:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          $ pmx installation/postgres/bin/createuser -a -d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          You must do this on the Database Server for each PureMessage user with a username that is different from the pmx user's username on the database server.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PMX-218
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Issues with terminal environment

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              If the installer does not display properly, set the $PMX_TERM environment variable to 'xterm' and run the installer again. If 'xterm' does not work, try other values.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PMX-216
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Issue with curses

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If you have trouble viewing the curses interface, it is still possible to install a new license. To upgrade to a new PureMessage license, save the license to the PureMessage user's home directory and run the command:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  pmx-setup --install-license new_license.sh

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PMX-214
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Keyboard setting during installation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Using the number pad on your keyboard causes values to be entered incorrectly in the fields of the PureMessage installer. When entering numeric values in the installer, use the row of number keys instead.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PMX-212
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Customized httpd2.conf

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When upgrading to PureMessage 6, any previous customizations to httpd2.conf will be lost. If you have made customizations to this file you will need to manually incorporate them into your PureMessage 6 installation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PMX-210
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Unsupported plattform warning

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The installer may warn about an unsupported plattform. If you have the proper prerequisites and libraries installed you can proceed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SafeGuard Enterprise

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Last updated: 1 Jan 2022 - 15:12:12
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Reference Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPFEE-695 SGN 8.10 n/a All file encryption modules When a file has 0 size and is opened by an IN-Application it will be decrypted on write. When a file has 0 size and is opened by an IN-Application it will be decrypted on write. n/a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPFEE-847 SGN 8.10 n/a All file encryption modules When the destination file of a copy operation already exists and the destination file is encrypted but no key is available the destination file is deleted. The copy aborts with an Access denied message When the destination file of a copy operation already exists and the destination file is encrypted but no key is available the destination file is deleted. The copy aborts with an Access denied message n/a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-10553 All n/a Client - Filevault Mac computers get registered in the ".Auto registered" node Mac clients are ending up in the workgroup/ .Autoregistered section of the Management Center, even though they seem to be joined to a domain. The issue occurs if the OS built-in mechanisms are not used to join the domain (e.g. using Quest Authentication Services). Use the OS X built-in function (directory util) to join OS X clients to an AD.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-1095 All (OS X) Not planned, this is by design File Encryption - Mac Over-mounted folders show wrong folder size The over-mounted folders are displayed in Finder with a size information which is not correct. Normal folders do not have a size information in the folder view, only when the information window is opened. The displayed size of the folders is usually used space on the system disk. n/a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-1114 All (OS X) Not planned, this is by design File Encryption - Mac Folders with encryption rule cannot be shared via SMB or AFP Folders with encryption rule cannot be shared via SMB or AFP n/a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-13115 All n/a Client - Base Login fails with an error message: The current Sophos SafeGuard@ policies do not allow you to log on. Login to the SafeGuard "Other User" Credential Provider fails with an error message: The current Sophos SafeGuard@ policies do not allow you to log on if a local user account name starts with a '#'-sign and no network connection is available For more details and available workarounds see KB-000037066
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-13274 All Not planned Management Center / LPE Default values might not be shown when changing tabs in the RSOP section of the Management Center. Default values button has to be toggled off and then on again to function when changing tabs in the RSOP section of the Management Center Enable and disable the "Show default values" button after changing a tab of the RSOP.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14505 SGN 8.10 8.10.2 All file encryption modules Sporadic Local Cache Corruption. Under certain circumstances you might see sporadically occurring Local Cache corruptions on systems running SafeGuard 8.10 file encryption. Install the SafeGuard Client Patch 1901 (KB-000038562) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14546 8.1 8.10.2 Server / MC Client registration fails. Auto registration is blocked while AD-sync is running. New clients do not complete the initialization and certificates are not not sent. Install the SafeGuard Backend Patch 1901 (KB-000038556) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14552 SGN 8.0, 8.10 8.10.2 SyncEnc, DX, FE Outlook Add-In: Several seconds freeze when sending mails When sending mails with enabled SafeGuard Outlook Add-In there can be a delay of about 5 seconds under certain circumstances. Install the SafeGuard Client Patch 1901 (KB-000038562) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14564 SGN 8.0, 8.10 8.10.2 MC Group-Memberships of universal groups are no longer synchronized. Memberships of universal groups are no longer synchronized across domains during the Active Directory synchronization, following the update to SafeGuard Enterprise 8.x. Install the SafeGuard Backend Patch 1901 (KB-000038556) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14622 SGN 8.10 8.10.2 MC New devices cannot be added to device white list. After the upgrade to SGN 8.10 or fresh installations of SGN 8.10, new devices can no longer be added to white lists (used as encryption target). Install the SafeGuard Backend Patch 1901 (KB-000038556) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14639 SGN 8.10 8.10.2 All file encryption modules Bluescreen Bugcheck 0x3b (SYSTEM_SERVICE_EXCEPTION) on Windows 10 version 1809 endpoints Sophos internally discovered issue which can lead to a bluescreen (BSOD) on endpoints running a SafeGuard 8.10 file encryption module.The issue can for example occur when applying Windows Updates. Install the SafeGuard Client Patch 1901 (KB-000038562) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14702 8.0, 8.10 8.10.2 MC Unable to assign Key: An error has occured during key generation When trying to assign a key to an object (e.g. or recovery purposes) the MC might return an error code. Install the SafeGuard Backend Patch 1901 (KB-000038556) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14778 as of 8.10.x n/a All file encryption modules Access denied when saving files in a folder that has NTFS file compression enabled User gets an access denied message when saving files in a folder that has NTFS file compression enabled Disable NTFS File Compression.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14853 8.1 8.2 All file encryption modules Cannot open encrypted Quickbooks project (other applications potentially affected as well),when SafeGuard File Encryption filter driver is active. Opening encrypted Quickbooks projects might fail on network shares (other applications potentially affected as well),when the SafeGuard File Encryption filter driver is active. Install the SafeGuard File Encryption Engine Update build 23 or later (KB-000038421) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14957 All 8.2 Client User still displayed as logged in after signing out. Under certain circumstances, usually with 3rd party sowftware involved, signing out a user does not complete and the user is still shown as logged in. A hotfix is available on request. As of version 8.20 there is a configuration option in the registry to adapt the behavior of the Credential Provider, contact support for details.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14991 All Not planned Cloud Storage / File Encryption Issues in combination with "Box" cloud storage Files cannot be encrypted or transparently opened when stored in a "Box" cloud storage. No workaround available. After changes in the Box client, this can no longer be supported. As of SafeGuard 8.20 the SafeGuard file filter driver does no longer attach itself.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-14995 8.1 8.2 All file encryption modules High performance impact when accessing files not covered by an encryption rule (requires BypassFilesWithoutPolicyVolumes registry key) High performance impact when accessing files not covered by an encryption rule (requires BypassFilesWithoutPolicyVolumes registry key) Install the SafeGuard File Encryption Engine Update build 24 or later (KB-000038421) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-15016 DPSGN-14987 8.1 8.2 All file encryption modules User gets file in use error when opening or saving xlsx files on network location. User gets file in use error when opening or saving xlsx files on network location. Install the SafeGuard File Encryption Engine Update build 24 or later (KB-000038421) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-15051 8.1 8.2 All file encryption modules File Encryption driver slows down Windows explorer and search operations on network shares. File Encryption driver slows down Windows explorer and search operations on network shares. Install the SafeGuard File Encryption Engine Update build 24 or later (KB-000038421) to address the issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-2757 All (OS X) Not planned, this is by design File Encryption - Mac The path of an encryption rule must not contain a comma An encryption rule that contains a comma "," will not be applied on an OS X client. Don´t use commas in the encryption rule definition.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-3720 All n/a File Encryption - Windows Trusted application configuration not working anymore after upgrade of configured application. Scan services for AV products have to be defined as trusted applications with full path. Some AV products have the full version number in the path, so every time the version changes, the trusted application definition has to be updated. n/a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-4735 All Not planned Client - Base When logging on to a computer using the SafeGuard Credential Provider in an environment that requires 802.1x authenticated access, the logon fails. When logging on to a computer for the first time (no cached credentials available) using the SafeGuard Credential Provider in an environment that requires 802.1x authenticated access, the logon fails and shows: There are currently no logon servers available to service the logon request. The issue is caused by the SafeGuard Credential Provider that is not fully compatible with 802.1x authenticated access. Use the Microsoft Credential Provider to logon at the operating system and authenticate to SafeGuard using the SafeGuard Authentication application afterwards.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-6310 All Not planned, this is by design Cloud Storage sent to dropbox function leaves files unencrypted If you use the "send to dropbox" function in the context menu, the file does not get encrypted. The reason is that this function uses the excluded "Dropbox.exe" n/a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-7718 All n/a Management Center / LPE Adding members to SGN groups confusing if more than 1000 members are in the group A hardcoded filter option set to 1000 which limits the number of returned objects that can be assigned. n/a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-9683 All n/a File Encryption - Windows Outlook search does not return results in pst archives that are encrypted using file based encryption Outlook search does not return results in pst archives that are encrypted using file based encryption Don´t encrypt outlook pst or ost files.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-9709 All Not planned, this is by design Data Exchange The file access report for writing files on optical media fails, if medium is burned in mastered mode The File Tracking feature of SafeGuard Enterprise does not support "Mastered Disc Format". Use the "Live File System" when File Tracking on optical media is required.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-15116 SGN 8.10, 8.20 n/a File Encryption - Windows Potential file corruptions when using Google File Stream Google File Stream usage on systems with SafeGuard file encryption modules there is a risk of file corruptions. Google File Stream (and also Google drive as encryption target) is not supported any more. See (KB-000038851) for details and things to consider.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-737 SGN all versions n/a SGN Server Task Scheduler does not adjust for daylight savings time (DST) Last and next run times are calculated based on UTC and than converted to the local time of the actual system the MC is running on. Depending on teh used OS, the ToLocalTime method recognizes only the current adjustment rule when converting from UTC to local time. As a result, conversions for periods before the current adjustment rule came into effect may not accurately reflect the difference between UTC and local time. n/a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-15562 SGN 8.10 / 8.20 / 8.30 File Encryption Engine build 32 File Encryption - Windows Compatibility issues with Adobe InDesign and File Encryption. Saving or opening files using Adobe InDesign in a share covered by an encryption rule does not work. Install File Encryption Engine build 32 (or newer). See (KB-000038421).
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-15553 SGN 8.10 / 8.20 / 8.30 File Encryption Engine build 31 File Encryption - Windows Printing documents on a remote printer (e.g. via RDP) fails. When trying to print on a redirected remote printer, the SafeGuard File Encryption Filter Driver tries to obtain the file information for the redirected printer stream which can cause the print operation to fail with an error message: Printer is in an error state. A workaround is available in KB-000039209
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-15715 SGN 8.10 / 8.20 / 8.30 with FEE build 31 File Encryption Engine build 32 File Encryption - Windows A file might show as corrupt when opening it from the SGPortable tool. When using SGPortable on a system with a File Encryption module installed, a file might show as corrupt when opening it from the SGPortable tool. Closing the tool and refreshing the explorer solve the issue. Install File Encryption Engine build 32 (or newer). See (KB-000038421).
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-15696 SGN 8.10 / 8.20 / 8.30 n/a File Encryption - Windows 3rd party software conflict with applictaions verifying licenses from a network resource (e.g. Axys). 3rd party software, that accesses a network resource for license verification upon start, might show issues in combination with the SafeGuard minifilter (part of all file encryption modules as of SafeGuard version 8.10). A workaround is available via support.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DPSGN-15937 SGN 8.10 / 8.30 File Encryption Engine build 37 File Encryption - Windows Windows Updates might fail on Windows 11 clients. Windows Update on Windows 11 clients might fail when the SafeGuard file filter drivers are active. Install File Encryption Engine build 37 (or newer). See (KB-000038421).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Sophos Connect

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Last updated: 29 Jun 2022 - 17:07:24
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NCL-1377
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Sophos Connect 2.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                IPsec connection downloaded via provisioning file, does not automatically update policy when a policy change is made on XG

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                There are two cases where the IPSec connection downloaded via the provisioning file might not be updated once a change is made on the XG

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1) The Sophos Connect Client has an active connection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2) The Sophos Connect client is not connected to XG when the XG policy is modified.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                When the Sophos Connect client will try to connect to XG,  the connection will fail due to a policy mismatch error. The client will not automatically trigger a update policy request. The user has to manually trigger a "Update policy" request from the settings menu.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 This might happen with a greater probability if the allowed networks are changed in the policy. Also this will happen if a policy is changed from tunnel all to split network and the network list is not identical on both ends.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Trigger a "Update policy" to re-synchronize the policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NCL-1618
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Sophos Connect 2.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "Failed to validate certificate" when importing/connecting with Sophos Connect Client

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This relates to Sophos Connect Client configuration of the SFOS appliance using 3rd party signed certificate.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When using 3rd party signed certificate on the “remote side” of the configuration, and "ApplianceCertificate" on the local side, the connection will import fine and connect the first time. After reboot of the workstation or restart of the services related to Sophos Connect, an error message will pop up stating "Failed to validate server certificate" when trying to connect again.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Use a self-signed certificate, signed by the SFOS appliance on the “remote” side.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Use PSK instead of certificates.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NCL-837
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Sophos Connect: Cannot authenticate user with german umlauts

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Sophos Connect for the time being only supports Ascii characters, no umlauts or UTF-8 or UTF-16.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NCL-834
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Sophos Connect 1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sophos Connect failed to start due to port 60110 used for HTTP server is already in use on the system

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sophos Connect Client uses Port 60110 on the local host to communicate with the local webserver. If this port is used by some other service before Sophos Connect Client starts, then Sophos Connect Client will fail to start.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NCL-1378
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Sophos Connect 2.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          If XG has configured both IPsec and SSL VPN policy, Only the SSL VPN policy has the "Update policy" option available in the settings menu

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When both the IPsec and SSL VPN policy is configured on XG, the connect client will connect to the user portal and download both the policies on the end user computer. But ONLY the SSL VPN policy will have the option of "Update policy" in the settings menu. In order to trigger a policy update for IPsec policy, the user will have to trigger the same via the SSL VPN policy.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NCL-1382
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Sophos Connect 2.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Getting error “OpenVPN service is not available” not available while connecting SSL VPN from windows 7 and 8.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SSL VPN is not supported for Windows 7/8 in Sophos connect.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            You may get the error "Openvpn service is not available" while connecting SSL VPN from Sophos connect.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            As a workaround, you may use a legacy SSL VPN client.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Use a legacy SSL VPN client.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NCL-1391
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                After deploying Sophos Connect provisioning file on SC 2.1 the first authentication to vpn always fails when OTP is enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Issue:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                After deploying the Sophos Connect provisioning file on SC 2.1 the first authentication always fails when OTP is enabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 *Behavior:* 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The Client will use the OTP the first to connect to the User Portal. Then it has to use a new OTP, but the OTP is generated by the Sophos Authenticator and the user has to enter the new OTP after the first one rotates. The client does not wait for that to happen. Instead, it uses the same OTP and that will fail and the user is prompted for authentication again. So the user has to enter the credentials again and they should be connected to VPN. This is a known issue. **

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Enter the credential and OTP again.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NCL-836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Sophos Connect 1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  [Mac] Not able to import connection files which has non-ASCII characters in file name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Sophos Connect is unable to import files containing UTF-8 / UTF-16 characters e.g.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NCL-835
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Sophos Connect 1.3 GA (1.3.65)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Sophos Connect : [Windows] {Intermittent] Getting "Failed to load connection" error after wakeup from sleep

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This issue is occasionally seen mainly when the computer wakes up from sleep and the connection is set for Auto-connect and user is not on the domain network. The system recovers automatically so user intervention is not necessary.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NCL-833
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Sophos Connect 3.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Unable to unzip Sophos Connect generated TSR zip file on Mac OS 10.12.6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      -> Go to About page on Sophos Connect UI

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      -> Click Generate TSR buttong

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      tsr.zip file is downloaded to the default download location. Tried to unzip the zip file but not able to unzip on 10.12.6 Mac OS version. Tried it on Mac 10.13, zip opens up. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NCL-839
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Sophos Connect 1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Sophos Connect
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        DNS server(s) are not updated on the network monitor page of Sophos Connect Client

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If the DNS servers in the Sophos Connect Client policy on the XG firewall are changed while there is a VPN connection established, then the DNS Servers display on the Network Monitor page are not updated to the changed DNS servers.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Disconnect the existing connection and then re-establish it.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sophos Email

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Last updated: 23 Sep 2022 - 10:46:58
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        XGE-25028
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SPF_LOGS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SPF soft fail

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Sophos Email Security only generates an SPF-Fail on a hard fail if the SPF-String is terminated with "-all".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SPF-Strings terminated with "~all" (note the tilde character) that don't match the senders IP address don't cause an SPF-Fail.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            XGE-23995
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Quarantine
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Quarantined messages missing from Quarantined Messages report.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Emails quarantined because of Data control violations can't be released because they don't appear in Quarantined Messages. You can see them in Message History, with the quarantine reason "Data control".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Please ask Sophos Support to release these emails.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                XGE-23768
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Outbound Relay Control
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Unable to send outbound email if an email address includes "!".td>

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Sophos Email Security doesn't send emails if there's an exclamation mark in the email address. It's rejected with "Relay access denied".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Remove the "

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    " character.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    XGE-24715
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Attachment Filtering
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Inbound email attachment is removed if it's uuencoded.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If an inbound email has attachments that use uuencoding, the attachments are removed. This is because messages with uuencoded attachments, and the attachments, are processed as text messages.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        XGE-23508
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Policy configuration
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Sophos Email Security doesn't accept addresses with the "!" character.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Emails with addresses containing the "!" character (exclamation mark) in the local part of the email address aren't supported, and are rejected.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            For example: mailhost!username@example.org.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Remove the "

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            " character.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            XGE-10569
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • 2019.15
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Self-Service Portal
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SSP Quarantine and Emergency Inbox are empty.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              A user has been given access to the Sophos Email SSP. They have mail in quarantine and the Emergency Inbox is turned on. But when using SSP the Quarantine and Emergency Inbox pages have no items.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              This might happen when more than one user is assigned the same email address, and at least one of those users has no mailbox.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • In Sophos Central go to "People".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              -Filter users by the email address of the affected user.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              -Click each user to find the one that doesn't have a mailbox.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              -Use "Delete User" to delete the user without a mailbox.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              -Go to "People" and filter by the email address again.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              -Select the user in question.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              -Click "Email Setup Link" and select Sophos Central Self Service Welcome.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The user can then access the Self Service Portal using the instructions in their inbox.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              XGE-18900
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • 2017.35
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Custom URL
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Unable to add more than 129 URLs

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The Sophos Email Security URL allow list can only contain up to 129 URLs.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                XGE-19011
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Quarantine
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Language selection for QS email in Sophos Email Security.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    All mailboxes use the same language for the QS email. This can't be changed for individual mailboxes.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    XGE-17643
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • 2020.32
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Outbound
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Outbound emails sent from the eu-central region to Microsoft-hosted domains go to the junk folder.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The junk categorization isn't a result of the emails coming from Sophos Email Security, because other emails are succesfully delivered to inboxes of addresses on Microsoft-hosted domains, for example outlook.com.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Although Microsoft does not publicly share how it classifies email as junk, anecdotal evidence suggests that it learns from the recipient's actions. If customers' emails are repeatedly marked as junk by recipients in Microsoft-hosted email domains, then future customer emails might automatically be marked as junk.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Inform and educate customers sending emails to Microsoft-hosted domains to exercise caution with the type of emails they send, to prevent recipients from reporting emails as junk.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      XGE-17740
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • 2020.38
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • inbound
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Central changes formatting of inbound email.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Reflexion has a Message Format Options feature which allows you to attach a control panel to the bottom of all incoming messages. This changes the content type of incoming emails to text/html and, if the control panel language is set to English, changes the character encoding to US-ASCII. If it's set to a different language, the character encoding used should match the selection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sophos Email Security doesn't have an equivalent feature so it doesn't change the content type and character encoding of incoming emails.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        XGE-18940
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Admin Quarantine
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Sophos Self Service Portal has no emails when signing in.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This happens if a user's account has been linked to a user without a mailbox.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Delete both the user account without a mailbox and the one with the mailbox. Then create a new user and mailbox.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If the email address was used under a different Sophos Central account, it should be removed there first. If you can't do this, raise a case with Sophos Support.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Note: Quarantine repositories and emergency inboxes are linked to user accounts via an ID. You can't remove an ID from these repositories and attach a different one.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            XGE-19247
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • 2020.50
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Postfix
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              TLS versions on Sophos Email.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              We constantly evaluate the TLS versions and ciphers we support. We accept versions and ciphers earlier than TLS 1.2 because a significant number of customers haven't upgraded.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              We don't support PFS for TLS versions earlier than 1.2 because the ciphers available in TLS 1.0 and 1.1 that support PFS are unauthenticated. These ciphers use SHA1 on its own, or with MD5, and they're vulnerable to man-in-the-middle (MITM) attacks.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              We recommend customers migrate to TLS v1.2 or later.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              XGE-19982
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • 2021.13
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Quarantine
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Sophos Email Security doesn't send quarantine summary emails to distribution lists.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Sophos Email Security only sends quarantine summary emails to user mailboxes. We don't send them to mailboxes for distribution lists.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                XGE-20166
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • 2021.19
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Quarantine
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Not all quarantined messages appear in Quarantine Summary (QS) emails.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  QS emails don't include messages quarantined because they failed impersonation or Date control rules.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  XGE-10116
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • 2018.9
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Admin Quarantine
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    QS shows no data

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    QS is empty, although a user received a quarantine summary email.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This can happen with Microsoft's Safe Links feature in Defender for Office 365. This feature clicks links in our notification emails to test them, which can remove the emails from quarantine.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    XGE-12394
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • 2017.35
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Postfix
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Outbound Google Workspace (formerly G Suite) emails with aliases in different domains aren't sent.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The "envelope from" and "data from" headers in outbound emails sent through Sophos Email Security must be in the same domain.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When using Google Workspace as an email service provider, if an outbound email is sent with an alias from a different domain, it won't be relayed outbound. This is because when sending as an alias in Google Workspace the "envelope from" header is the primary account.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      For example domain1.com and domain2.com are both protected domains with valid mailboxes.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If the primary account email address is user@domain1.com and an email is sent from the alias alias@domain2.com, Google Workspace sends the email with the "envelope from" header as "user@domain1.com". But the "data from" header is alias@domain2.com.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      This email is rejected as the "envelope from" and "data from" headers don't match.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Contact Google Workspace support to ask for the "envelope from" and "data from" headers to be matched for outbound emails, regardless of the alias used.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      XGE-15756
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • DLP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Files with the .P7B extension blocked when the Certificates category is enabled in a Data control (DLP) policy.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          If a Data control policy has the Certificates category selected, alerts are raised for .p7b files, even though the .p7b extension isn't in the Certificates category.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          This is because Data control blocking uses True File Types and .p7b files share a file type with the .crt exception.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          XGE-15018
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • 2020.05
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • user level rate limit
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Errors received in Sophos Central about rate limits or mail flooding.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If users send more emails than Sophos Email Security allows, emails are rejected. You see the following error:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NDR/bounce: 554 5.7.28 Mail flood detected.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Admin dashboard: Outbound sender rate limited for "user".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If senders regularly send high volumes of emails, for legitimate reasons, you can ask Sophos Support to classify the mailbox as a bulk sender.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Bulk senders have a higher sending limit than standard users.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            XGE-14604
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • 2019.27
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Admin Quarantine
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Quarantine message may display incorrect values at the bottom of the page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Quarantine message may display incorrect values at the bottom of the page. Eg Displaying 0 of 100 messages / 0 Selected.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              There are no missing messages, this is a cosmetic issue with the widget displaying the correct information.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              There are no missing messages, this is a cosmetic issue with the widget displaying the correct information.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              XGE-13386
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • 2017.26
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Quarantine
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Sophos Email Security can't read QS emails on mobile devices.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The subject line of a message in the QS email is compressed to such a small column width, and the text is so small, that users can't easily read it.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Users should log into the Sophos Self Service Portal to check their quarantine summary messages.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                XGE-13116
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • AD Sync
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Azure AD Sync isn't available to MSP customers or partners.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MSP customers can't use Azure AD Sync because of limitations with Azure AD Sync and non-email products. We'll try to resolve this.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    XGE-11180
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • 2017.35
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Policy configuration
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Smart banner not applied to plain text emails.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If an email arrives without an HTML body part, a smart banner isn't added.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Smart banners are applied if the following conditions are met:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Smart banners are turned on in the policy.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The email contains text/html content in the body.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      XGE-8099
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • 2017.35
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • DKIM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sophos Email Security application of DKIM checks.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        There is no industry standard for deciding if a DKIM (DomainKeys Identified Mail) check passes or fails.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        To find out how Sophos applies DKIM checks, see Known Behavior of DKIM (DomainKeys Identified Mail).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        XGE-8023
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • 2017.35
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Postfix
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          We don't send NDRs for accepted inbound emails.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Sophos Email Security doesn't create non-delivery reports (NDR) for emails going to valid mailboxes that it can't deliver to their final internal destination.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Sophos Email Appliance (SEA)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Last updated: 01 Nov 2021 - 09:24:10
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SEA-1760
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Quarantined messages do not get Additional rules apply

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Quarantined messages do not get additional actions applied like adding banner to message.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              This is because the rule copies the message to quarantine before preforms the additional actions on the original message.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Create duplicate rule before that does additional actions first and main action to continue
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Then change the original rule to just quarantine without the additional actions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SEA-1051
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • v4.2.0.2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Table formatting broken within SPX encrypted mails

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                When an outbound SPX encrypted mail is sent that contains a table, the formatting of the table is removed within the resultant PDF

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                This only applies to the mail content being viewed within the PDF file itself. If the option to attach the original email to the PDF is selected, the formatting within the attached mail will be correct

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                While creating outbound policy for SPX encrypted mail, select the option "Attach original email to PDF" from Main Action Tab.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Selecting this option will attach an original message (.eml) file to the encrypted PDF, the formatting of the mail within the .eml file will be correct

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SEA-1320
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • v4.3.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Quarantine digest mail inconsistent with quarantine portal

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Mails shown in the quarantine digest mail and the quarantine portal are inconsistent in the following situation:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Inbound Viruses To All policy is set to "Quarantine, drop file and continue"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Inbound Spam rules are set to Quarantine (reason:spam)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • An inbound mail is received that triggers both rules

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The attachment is stripped by the AV rule, the mail then hits the AS rule which puts it into quarantine. The mail then appears in the quarantine digest but not in the quarantine user portal.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SEA-1524
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • v4.4.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Appliances not picking up repo changes if Software Auto Update is set to Off

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In the following rare situation the SEA may be unable to process mail:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • The appliance was at some point on a non-mainline repository

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • The appliance has Auto-updates disabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Auto-updates remain off for greater than 3 months

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The combination of the above results in the appliance being unable to detect the repository change when it is moved back to the mainline repository. This causes the AV Engine to be out of date which means the appliance is unable to scan mail and therefore quarantines all mail as 'cantscan'

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Allowing the appliance to update AV engine without updating the software version could results in incompatibilities.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The workaround for this is to either enable auto-updates, or to temporarily turn on auto-updates periodically to ensure that the appliance adjusts it's repository

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SEA-1578
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • v4.5.0.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Using policies to whitelist files leads to unexpected block/allow behaviour

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When attempting to use policies to whitelist filetypes, unexpected behaviour may be observed when processing archive files. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When archives (.zip, .docx etc) are being processed they will have multiple filetypes within that one attachment

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SAVI does the filetype analysis on a given attachment and returns this to SEA. This will result in a true or false returned for each attachment. If the policy is being used to whitelist a filetype then True (allow action) will be returned as soon as ONE whitelisted filetype is found within an given archive

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      This will result in the archive being delivered even though it contains many other filetypes that are not on the whitelist

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Ideally policy should be used to blacklist filetypes that you want to protect against.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Partial workaround would be to create a policy above the 'whitelsiting filetypes' policy that blocks common archive files. This doesn't completely solve the problem, but will reduce how frequently the scenario occurs.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SEA-1655
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • v4.5.2.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NDR mails will indicate mail could not be delivered to 'one or more' of the recipients

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If the SEA is unable to deliver an outbound mail that is destined for multiple recipients NDRs will not be generated for individual recipients. The NDR will be sent back to the original sender indicating that the mail could not be delivered to one or more of the intended recipients.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SEA-1523
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • v4.2.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          HTML content & Encrypting Mails using SPX

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SPX Encrypted PDFs only supports plain text, html content such as images will be converted to plain text.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SEA-1606
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Search results are partial matches instead of exact

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Search results are partial matches instead of exact

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When doing a search example abc@domain in Quarantine queue it will show up all email that contain abc not all email that have abc@domain

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              example
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              searching for abc@domain could return the following

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1234abc123@domain
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              testabctest@domain

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              instead of just all emails for abc@domain

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SEA-1547
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • v4.5.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                DMARC reports generated from the Sophos Email Appliance are not getting signed with DKIM

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                DMARC reports are not signed by DKIM as the reports are system generated (same as SPX and other system generated mails).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SEA-1575
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • v4.5.0.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    On very rare occasions SEA may not record the subject of an outbound mail in the UI

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    On very rare occasions SEA may not record the subject of an outbound mail in the UI. This occurs if there is a property of the mail causes a delay in it's processing, the logging daemon is then unable to update the message details and add the subject information

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This has no impact on message is processing or mail delivery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SEA-749
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • v4.0.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SPX emails are not DKIM signed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When encrypting E-Mails with SPX, they will not be DKIM-signed,

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SEA-1418
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • v3.9.1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        inconsistent logging of time in audit.log

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Times for login and logout in /var/log/audit.log are inconsistently logged.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sometimes they show UTC and others they show local time.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The issue is known, but will not be fixed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SEA-1484
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • v4.4.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SPX changes file names when 'dash number' is in the name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When emailing attachments with '-' # like test-1 SPX encryption will change the name of the file.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Example:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When sending attachments named e.g. : test-1, test-2, test-3, test-4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The recipient would get the following attachment names in the encrypted email:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          test, test-1, test-2, test-3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Do to not send any files with '-'# as the file name.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SEA-1392
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • v4.3.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • v4.3.1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Non-English characters are not accepting by SEA in Block / Warning Page for Time-of-Click Protection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Hi Team,

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            We have a case, in which customer is trying to customize Block / Warning Page for Time-of-Click Protection from “SampleTemplates.zip”. However, when customer is trying to modify template with German characters, and found he is getting error as
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            “*Blocked Page: HTML file does not contain valid syntax.(Falling back to previous settings)*”
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            when he hit “Apply”.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            For test, customer tried to add the below line:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Sophos Dies ist eine verschlüsselte Nachricht!

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Before “Sophos Time-of-Click Protection reports that….” And save the sample template. We tried to perform as well and found we can reproduce the scenario at local appliance by adding “Sophos Dies ist eine verschlüsselte Nachricht!” line in our template.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If we replace “ü” with “u” in “verschlüsselte”, then appliance accept the template and we able to get updated template in “Preview”.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Customer gave another word to get test “Привет”, which is causing same behavior and throwing error to us.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            I only get below logs during that time from admin_access.log

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ==> /opt/pmx/var/log/apache2/admin_access.log <==
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            172.16.32.2 - admin [02/Jul/2018:11:12:07 +0000] "POST /component/Popup/ConfigureBlockedUrlPage.html?/Config/Policy/FilteringOptions HTTP/1.0" 200 3318 57295µs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            172.16.32.2 - admin [02/Jul/2018:11:12:10 +0000] "POST /ajax/Widget/LogStatus/GetLogStatus HTTP/1.0" 200 505 122549µs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            172.16.32.2 - admin [02/Jul/2018:11:12:18 +0000] "POST /cgi-bin/fileadd_blocked.cgi HTTP/1.0" 302 - 163641µs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            172.16.32.2 - admin [02/Jul/2018:11:12:18 +0000] "GET /Config/Policy/FilteringOptions HTTP/1.0" 200 21744 202710µs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            172.16.32.2 - admin [02/Jul/2018:11:12:26 +0000] "POST /ajax/Page/FilteringOptions/SaveData HTTP/1.0" 200 349 53232µs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            172.16.32.2 - admin [02/Jul/2018:11:12:29 +0000] "POST /ajax/Widget/LogStatus/GetLogStatus HTTP/1.0" 200 505 97308µs

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            I tried to collect the logs for same, but couldn’t find any logs during time of error occur. How, we can fix this and customer can use non-English characters in template?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SEA-1226
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • v4.3.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Subject/Client will not be displayed for dmarc reporting mail in log search

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Dmarc report mails those are sent by SEA to domain owners will be displayed in log search UI. But the client and subject column will be "-".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SEA-1084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • v4.2.1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SPX encrypted emails can not be printed using the Mac OS Preview App

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Mac OS Sierra can not print SPX encryted E-Mails using the preview app

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Use Adobe Acrobat Reader to open and print the message

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SEA-1038
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • v4.2.0.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Updatepath and Connection Test URI Mismatch

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The connectiontest currently checks a different part of the contentdeliverynetwork then the appliance retrieves its updates from.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Allow the Email Appliance to connect to any HTTP/S destination on the internet.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SEA-1046
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • v4.2.0.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SPX reply fail SPF checks

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The secure copy option from the SPX portal reply page sends the copy as the email address of the sender. (the person doing the reply). When that message leaves the email appliance to the receiving server on the internet it may reject the message because the email appliance is not the owner of that domain. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Detailed explanation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    We have a Sender from Domain A who sends encrypted message to Domain B.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The message is processed by email appliance and an encrypted message is sent to Domain B
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The user in Domain B opens the encrypted message with password and clicks on reply. They are directed to the reply page on the email appliance.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    On this web page the users types there reply and selects "Secure Copy"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This generates an email which forks. One is sent to Domain A person the another is sent to Domain B person. The from address in this message is Domain B person's address
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The email appliance tries to send this email outbound to person B address. At this point the message could be block by spf or RDNS as the email appliance is not the owner of Domain B and should not be send as Domain B. This could also lead to Domain A being blacklisted.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Client is requesting that the secure reply (secure copy) FROM header is configurable or written with "@yourdomain.com" instead of using the repliers address to avoid rejects due to spoofing OR completely remove the option Send me a secure copy.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Also note that the secure reply (copy) is not encrypted when sent back to client (person doing reply from portal) This would possibly mean that the original message that they wanted encrypted could be in the reply. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The copy should be encrypted. One option to resolve this is spx encrypt the secure copy and have the from address the postmaster address or an address that can be set.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Issue Reproduction
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Your domain behind the SEA is abc.com
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The recipient is outside.com
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    For outside.com MTA try to turn on SPF or RDNS checks

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Turn on SPX encryption and ensure that you allow a "Include Reply All button in encrypted messages" is checked and allowed (enable the Secure reply portal in the SPX template).
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Send an email from test@abc.com to ext@outside.com and make sure it is SPX encrypted
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. ext@outside.com will receive email and open the SPX encrypted email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    4. Hit the Reply button in the email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    5. This will take you to the reply portal
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6. Put in any characters in the email and make sure "Send me a secure copy" is selected at the bottom of the page.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7. The email will be received by test@abc.com BUT the secure copy sent to ext@outside.com will be likely rejected due to spoofing.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SEA-985
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • v4.1.1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      BULK Mail volume not counted for TOC-Mails

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The Bulk Mail check is performed before the Time-of-Click check.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      During the processing of the message the Rule-variable is first set by the Bulk-Check and later overwritten by the Time-of-Click check.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SEA-858
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • v4.1.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        remote assistance failed message in gui

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        In a clustered environment while connected to Admin UI with Remote Assistance enabled, the Admin clicks the Dashboard button and sees "Remote assistance CONNECTED" at the top of the page - but then after clicking on the Configuration button it shows "Remote assistance FAILED"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        In a clustered environment the Admin UI correctly shows the Remote Assistance status at the top of the page.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The config page always shows the result of the Remote Assistance of the master.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If the Remote Assistance fails on the master, but succeeded on the slave, the slave will display the correct status at the top of the page, and "failed" on the configuration page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SEA-705
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • v3.8.0.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • v3.9.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        DOCS UPDATE: email addresses starting with # are getting rejected by ldap recipient validation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Email addresses that start with "#" will be rejected by ldap recipient validation, because they are interpreted as comments.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SEA-709
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NDRs are quarantined by milter when Outbound policy action is reject

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          If an outbound policy has been configured with a main action of "reject", a non-delivery report (NDR) message will be generated, but the NDR will not be delivered to the original sender. You should instead configure your outbound policy with a main action of "discard", then configure an additional action to notify the sender that the message was not delivered

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SEA-748
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • v4.0.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Truncated URLs in SPX encrypted E-Mails

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Adobe Acrobat will truncate URLs in SPX-encryped E-Mails after the first ';'-character.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SEA-747
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Double-byte messages forwarded from quarantine may not be displayed correctly in Microsoft Outlook

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Double-byte messages forwarded from quarantine may not be displayed correctly in Microsoft Outlook

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SEA-745
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Search: Status bar displays previous message after click Forward, then click Search

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                After forwarding a message on the Search In page ( Search > Quarantine ), and then performing a new search, the status bar does not indicate the updated number of search results.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SEA-743
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Policy Wizard - Selected groups - behaviour of Available groups when switching tabs

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When configuring the Users & Groups page in the Policy Wizard, it is possible to add an Available group to the list of Selected groups on either the Include Recipient or Exclude Recipient tab. If this group is not explicitly removed from the Selected list, it will not become available in the other tab when the user selects the Custom Groups option. This behavior also occurs with the Include Sender and Exclude Sender tabs in the same section.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SEA-741
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Clearing 'Outbound mail proxy' value insists on having a valid port number

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    An error is displayed if the Port field is cleared when trying to remove a previously configured outbound mail proxy ( Configuration > Routing > Internal Mail Hosts ). However, clearing the Hostname field, but leaving the Port field filled results in the outbound mail proxy being cleared

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SEA-739
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Deleting a rule after reaching max number of rules does not re-enable the add button

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When the maximum number of rules (20 for anti-spam and anti-virus and 40 for content) has been exceeded, the Add button is disabled. Then, if a rule is deleted, the Add button is not re-enabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SEA-737
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        invalid Static IP config breaks install

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If you enter an invalid static IP address when using the Install Wizard, it is not possible to continue to the next page of the wizard.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SEA-735
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Search Mail Logs - There are duplicate "Scanned" lines for the message with multiple recipients

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When a message has multiple recipients, duplicate Scanned lines may appear when performing a mail log search.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SEA-733
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Reports incorrect for day/hour boundary period

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Some thirteen-week reports do not return accurate results for timezones other than GMT.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SEA-731
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Jump to page input box works inconsistently and incorrectly in different list editors

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When there are several pages of entries in a list editor, navigating to a different page of entries may work inconsistently.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SEA-723
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SNMP tables in the UI incorrectly display multiple spaces in the Community Strin

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                If a community string contains one or more space characters, the multiple space characters are displayed as single spaces in the user interface. The correct string is displayed in the mouseover popup.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SEA-729
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Certain keyword entries may occasionally cause slow processing of large attachments

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Certain keyword entries may occasionally cause slow processing of large attachments

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SEA-727
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Logsearch issue when messagesplitting occurs

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In some instances, a message with multiple recipients may have end-user specific settings. Such messages are split and sent to several destinations. In this case, a mail log search only displays the last triggered policy rule triggered; this may not be accurate.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SEA-725
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Police rule change doesn't change historical data

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If a policy rule description is changed, the description is not updated retroactively for previously logged data, which displays the original rule description.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SEA-721
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        EDN is not sent when all non-degraded appliances have failed ldap sync when an appliance is down

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        No alerts are sent and LDAP synchronization fails when an appliance drops out of a cluster. The alert is only sent when the missing appliance rejoins the cluster, but LDAP synchronization continues to fail.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SEA-719
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Microsoft Outlook Express cannot view messages which contain attached messages, forwarded from the quarantine

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Microsoft Outlook Express cannot view messages which contain attached messages, forwarded from the quarantine.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SEA-717
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • User Interface
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Many screens cannot be updated when the admin TZ is displaced from the system TZ by 15 or 30 minutes

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If the system timezone and the admin timezone are different, and the difference of hours is not a whole number, administrators may be unable to change time and date settings.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SEA-715
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Special Character in Quarantine Search fields

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When using certain special characters in quarantine search fields, the characters will match anything in the quarantine, resulting in searches that return all messages in the quarantine. The special characters include, but are not limited to: !@#$%^() .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SEA-713
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                deal with non-alphanumeric ascii characters in local part of email addresses consistently

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Quarantined email messages that contain & in the local part of the recipient email address will not be processed correctly if they are released from the quarantine. Instead, the part of the address preceding the & will be truncated.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SEA-711
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • v3.7.8.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Milter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SPX Secure Reply

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  For the purposes of SPX secure reply, the appliance determines whether a message is inbound or outbound by comparing whether the recipient's domain appears in the list of incoming mail domains. A message to an external recipient may be considered inbound if you have configured your appliance to use an incoming mail domain that is the same as the recipient's domain name. This in turn may affect any policy rules that are configured to use SPX encryption only for outbound messages.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SEA-696
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • v4.0.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Hard Drive Replacement Issues

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If you need to remove or replace a hard drive in the ES4000, ES5000 or ES8000, the hard drive must be replaced with a new, formatted hard drive.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Installing an unformatted hard drive (even if it has not failed) causes these models of the Email Appliance to lock up.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Notice: After you install the replacement hard drive, the Email Appliance mirrors and integrates the drive in the background. This process may continue for a few hours, depending on system load.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Sophos Firewall

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Last updated: 28 Nov 2022 - 05:30:48
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-111087
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SFOS 19.5.0 GA-Build197 (19.5.0.197) [Anaa]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • HA
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Not able to establish HA when logical port(bridge/lag) is selected as admin port ("Peer administration settings" )

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Steps To Recreate:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Not able to establish Quick HA if one of the appliances has a bridge interface as an admin port

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If both the appliance have the same logical interface which is selected as "Peer administration settings" then it will work

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-110072
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 19.0.0 GA-Build317 (19.0.0.317) [Tupai]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Core Utils
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        UTF-8 character in the backup file name causes issue of the user unable to download the backup file.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        UTF-8 character in backup file name causes issue of user unable to download the backup file.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Nothing happens when the user tries to download the backup file with file name contain UTF8 characters.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        We do not have any workaround or solution at the moment, Please do not use UTF-8 characters for the backup filename.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-106896
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Core Utils
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            XGS 116(w) r1 & r2 units are having wrong PoE default values. Default should be AT(30W), but it is AF(15).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            There is an issue with XGS 116 r1, 116Wr1, 116r2 & 116Wr2 units related to default power settings for the PoE Port.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The default PoE power setting on this models should be AT(30W). But instead the units in the field are running with default PoE power setting as AF(15W). Also there is no mechanism right now in xgs-poe utility for this models to increase the power setting from AF to AT.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This issue is being fixed in SFOS 19.0.2 MR2, 19.5 MR1. Customer when upgrading the units to this version, its default PoE power setting will be set to AT(30). Then customer can also change PoE power from AF to AT & vice-versa using the xgs-poe utility.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-109642
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SFOS 19.5.0 GA-Build197 (19.5.0.197) [Anaa]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SFOS 19.5.1 MR1-BuildXYZ (19.5.1.XYZ) [Hatutu]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SFOS 19.5.1 MR1-BuildXYZ (19.5.1.XYZ) [Hatutu]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • WWAN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            WWAN - Export/Import is failed to import the WWAN configuration even though import event was successful.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            WWAN - Export/Import is failed to import the WWAN configuration even though import event was successful.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-106815
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SFOS 19.0.1 MR1-Rebuild-Build365 (19.0.1.365) [Akamaru]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Logging Framework
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              /conf is gradually filling up if on box reports of appliance is off.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              /conf partition on the appliance gradually filling up if On box reports of appliance is disabled/off. While conf partition gets 100% unable to login to GUI.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Issue will be resolved in 19.0.2 MR 2 and 19.5 GA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              If on box reports are off, Need to turn on On-box reporting from console.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              console> set on-box-reports on

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-53886
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 17.5 MR8 (17.5.8.539)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                40Gbit QSFP+ Flexiport module is not recognized in SG/XG 430/450

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Sophos 40Gbit QSFP+ Flexiport module is not recognized at all in SG/XG 430/450 due to power sequence issues. A fix is in progress.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                No Workaround

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-107248
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SFOS 18.5.0 GA-Build264 (18.5.0.264) [Antigua]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SFOS 19.5.0 GA-Build197 (19.5.0.197) [Anaa]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Licensing
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Unable to activate evaluation licenses - Error XG-00351

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Situation:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                •  Partner/customer is unable to activate any evaluation license by initiating it from the XGS unit under “System” → ”Administration” → “Licensing” → “Activate evaluations”

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Activate eval license in "My Sophos" portal

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-103820
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SFOS 19.0.0 EAP0-Build190 (19.0.0.190) [Tahiti]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Clientless Access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Clipboard's not working in RDP bookmark

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                In v19 and later, there have been several security improvements in Sophos Firewall to prevent attackers from getting hold of sensitive information. One of the changes we did was upgrading the RDP component to the latest version to improve the overall security posture. The clipboard functionality is not directly compatible with the latest RDP components making it non-supported with versions 19 and later. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-84972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.5 MR16-Build830 (17.5.16.830) [Timor]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  /tmp might get full due to 0x1XXXXXX files on XG85 with web content cache enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Issue:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When using the Web Proxy, there are files that are stored in /tmp as they are virus scanned. If Web Caching is turned on (Webadmin → Web → General settings → Enable web content cache) the /tmp directory might run out of space.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Determining if the system is affected by this issue:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  df -h /tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If the availble space is 0MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  du -c /tmp/0x1*
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Non-zero length files can take up a significant portion of the partition.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Note: large numbers of files that are zero length are not an issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Impact:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When the /tmp partition is full several parts of the system suffer, webadmin is no longer accessible, and the box needs to be rebooted to recover.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Either disable web content caching: Go to Web > General settings > Enable web content. Disable the option. Note that this option is disabled by default.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  or reboot the system

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-106986
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFOS 19.0.0 GA-Build317 (19.0.0.317) [Tupai]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFOS 19.5.0 GA-Build197 (19.5.0.197) [Anaa]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFOS 19.0.2 MR2-BuildXYZ (19.0.2.XYZ) [Kamaka]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFOS 18.5.5 MR5-BuildXYZ (18.5.5.XYZ) [Haiti]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • DNS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Wildcard and multiple IP address FQDN firewall rules failing sporadically

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When using Wildcard or Multiple IP address FQDN hosts in firewall rules, it might occur that they are properly resolved to the corresponding IP addresses on the Sophos Firewall GUI, but the corresponding traffic is dropped. This behavior applies to Sophos Firewall 18.5.4 MR4, 19.0 GA and 19.0.1 MR1.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Enable IP-eviction on SFOS . Once it is enabled , on re-learning of FQDN/wildcard FQDN will solve the problem.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-103261
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFOS 19.0.1 MR1-1-Build384 (19.0.1.384) [Aukena]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Unable to set DNAT from Central using "Server access assitant (DNAT)"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      To enable NAT or WAF through web admin, you must specify an Original Destination Port (NAT) or Hosted Address (WAF). This is normally set to the IP addressed associated with ‘Port B’ which is the WAN Port.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      For CM managed autoscaling instances, there’s no way to identify the original destination as each firewall will have it’s own IP address for the WAN port. This makes it impossible to setup DNAT for a CM managed instance. Even if someone creates a “Dynamic Interface”, it is not available during the “Public IP Address” step.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The "Server access assistant (DNAT)" cannot be used to configure DNAT but the manual method of creating a "New NAT rule" can still work. As the WAN Interface isn't available, you can create an IP range that will be translated to the private IP of the private Server. To setup DNAT:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Navigate to "Firewalls" under "Manage Firewalls" in the left sidebar
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Select the three dots for the firewall group and click "Manage Policy".
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      3. On the left sidebar, select "Rules and Policies" and go to the NAT sub page
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      4. Click on the "Add NAT Rule" button and select "New NAT Rule"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      5. Enter appropriate settings for your application. Ensure the "Original Destination" is set to "Any" and "Inbound Interface" to "Any" as well.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      6. For the "Translated Source", set it to MASQ.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      7. Change the "Translated Destination (DNAT)" to the private IPs of private server/load balancer by clicking "Create new" at top of drop down menu and creating appropriate destination.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      8. Click Save.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      9. Wait for configuration to be distributed to all XG's in group. This can be monitored from the "Firewalls" page

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-101780
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 19.0.0 GA-Build317 (19.0.0.317) [Tupai]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 19.0.0 EAP2-Build271 (19.0.0.271) [BoraBora]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 19.5.0 EAP0-Build93 (19.5.0.93) [Taha]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 19.0.1 MR1-Build350 (19.0.1.350) [Akamaru]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Firmware Management
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Small var partition created for VM platforms

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Var partition is created with 3.7G size in a freshly installed version of v19 GA.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Migrated versions are not affected.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      There are two workaround solutions for this issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Reinstall with v19MR1 Build 350 or higher to fix this issue
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Please contact Sophos support to apply the workaround for the affected appliance in v19 GA.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-94863
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 18.0 MR5-Build586 (18.0.5.586) [Samal]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 19.5.0 GA-Build197 (19.5.0.197) [Anaa]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • CM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      HA zero downtime upgrade is not supported if the firmware upgrade is scheduled on Central Management

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When a scheduled firmware upgrade from Central Management is run, both devices are rebooted at the same time in case of an HA setup.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Use the firewall WebAdmin to run an HA zero downtime upgrade.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-94073
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 19.0.0 GA-Build317 (19.0.0.317) [Tupai]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • XGS BSP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      XGS 10G interface not working when interface speed is set to Auto-negotiation (Physical or LAG)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Issue: XGS 10G interface is not working when interface speed is set to Auto-negotiation (Physical or LAG)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Affected Product: Only XGS hardware with 10G interface

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Set interface speed to Manual 10000 Mbps - Full-Duplex (Applicable for Physical, LAG interfaces).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-99835
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SFOS 19.0.2 MR2-BuildXYZ (19.0.2.XYZ) [Kamaka]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SFOS 19.5.0 EAP1-Build144 (19.5.0.144) [Maiao]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • DDNS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        MyFirewall.co Sophos DDNS cannot be deleted

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        MyFirewall.co Sophos DDNS cannot be deleted.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The Sophos owned DDNS Provider is End of Life and cannot be deleted by the administrator.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-46108
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • DHCP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            DHCP relay configured on an interface containing another DHCP server doesn't function

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Configuring multiple DHCP Relays where the 'listening' interface in one corresponds to the interface that the DHCP server is connected to in another of the configured relays will cause one of the relays to cease to function.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This is not a supported scenario and is expected behaviour. A DHCP Relay should not be setup on an interface that hosts a DHCP server.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-99867
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 18.0 MR5-Build586 (18.0.5.586) [Samal]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Error received when trying to add entry to blocked senders list when list is large

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Issue:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When the blocked senders list get large it can fail to add new entries. The exact number of entries will very as it depends on the length of each email address. We have seen issues when lists get over 2400.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Users will see warning message saying The operation will take time to complete. The status can be viewed from the "Log viewer" page

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Checking csc.log will show a line like this

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2021-06-02 11:40:21,411:ERROR:CSC - Exception in getStatusFromResponse() :java.lang.NumberFormatException: For input string: ""java.lang.NumberFormatException: For input string: ""

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Replace duplicate entries with wild cards to reduce the number on the blocklist where possible. Entries like smith@domain1 and joe@domain1 can be reduced to entries like *@domain1, which will cover a wider range of addresses anyway.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-98205
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SFOS 19.0.0 GA-Build317 (19.0.0.317) [Tupai]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Wireless
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                RadiusSSO roaming not working

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                When using RadiusSSO and roaming between APX’s the client has to reauthenticate in order to connect again.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                This is a limitation with the current deployment. RadiusSSO currently cannot handle roaming between access points

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-87676
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 18.0 EAP1 (18.0.0.102)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 18.0 GA-SR1 (18.0.0.321)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  WAF might stop working after restoring a backup in some cases

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Please contact support for a resolution.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-89077
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFOS 18.5.2 MR2-Build380 (18.5.2.380) [Dominica.NFM]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • IPsec
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Unable to connect IPsec with IOS with Local ID defined.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The issue is happening when Sophos Firewall is configured Sophos IPsec connect with Local ID. This configuration is not supported by IOS.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The IOS profile does not support any parameters with Local ID/Remote ID and which causes a failure to authenticate the connection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Clear the Local ID value/Field and re-download the configuration file.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-94354
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SFOS 19.0.0 GA-Build317 (19.0.0.317) [Tupai]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Upgrade to v19.0GA results in factory reset

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If you have changed SSL/TLS Inspection Log retention period (Monitor & Analyze > Reports > Show Report Settings > Data management > Retain SSL/TLS inspection logs of the past) from the default value of 1 month, Upgrade to SFOS v19 will result into factory reset default.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Change SSL/TLS Inspection Log retention period under Reports > Show Report Settings > Data management > Retain SSL/TLS inspection logs back to the default value of 1 month before upgrading and then after upgrading to SFOS v19, you can change the setting back to the desired value.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-94355
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 19.0.0 GA-Build317 (19.0.0.317) [Tupai]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Logging Framework
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Device goes into failsafe when upgraded to v19.0.0 GA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If your device is using a configuration previously restored from a Cyberoam backup, and you have NOT regenerated the appliance certificate on SFOS, upgrading to SFOS v19 will result in operation in fail safe mode.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The appliance certificate generated in cyberoam devices uses a weak signature algorithm (MD5) that is NOT supported for appliance certificates in SFOS v19.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        How to verify before upgrading:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Check the Signature Algorithm of the Appliance certificate by running the following command on the advanced shell:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      “openssl x509 -in /conf/certificate/ApplianceCertificate.pem -text -noout” 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If the output shows the signature algorithm as "md5WithRSAEncryption", DO NOT upgrade to v19.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Please refer the KBA: https://support.sophos.com/support/s/article/KB-000044122?language=en_US

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-79348
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SFOS 19.0.0 EAP0-Build190 (19.0.0.190) [Tahiti]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SFOS 19.0.0 EAP1-Build244 (19.0.0.244) [Tahiti]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        awarrensmtp & warren services are getting DEAD after CR backup restore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If a customer restores a Cyberoam backup which does not have Default CA certificate generated or configured, then after restoring the backup in v19 EAP0 or later, awarrensmtp & warren services will be found DEAD.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        After restoring the cyberoam backup, regenerate the Default CA certificate

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Login to UI and go to System -->Certificates -->Certificate Authorities --> Edit Default CA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Reboot the device

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-93678
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SFOS 18.5.3 MR3-Build408 (18.5.3.408) [Martinique]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SFOS 18.5.4 MR4-Build418 (18.5.4.418) [Hispaniola]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SFOS 19.5.0 EAP0-Build93 (19.5.0.93) [Taha]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SFOS 19.0.1 MR1-Build350 (19.0.1.350) [Akamaru]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SASI detection problems when too many hits are returned

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SASI engine can appear to fail if the returned value from the engine is too larger for the buffer. This returned value includes the spam rule hits that were detected on the message itself.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If there are too many returned hits if can be greater then the buffer and cause the “spam scanning failed”

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        smtp_main.log will show this error if this is the case “ng_buffer_read: reach buffer limit 2048” You will then see “spam scanning failed, unable to connect local antispam:”

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The result of this issue is that message that were spam would be delivered when they should have been blocked/quarantined.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Please contact Sophos Support.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-29517
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 16.05 MR8 (16.05.8.320)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 17.0 MR1 (17.0.1.98)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Date/Time Zone
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Timezone showing different in GUI and CLI

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          GUI time differs from the CLI time

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The files /conf/TZ and /etc/zoneinfo/ are not in sync.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Copied content from /etc/zoneinfo/ to /conf/TZ
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. Restart the appliance to take change into effect

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-52129
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 17.5 MR5 (17.5.5.433)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Limitation Avira Scan for encrypted and split archives

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When scanning an encrypted split archive with Avira, there is the following limitation:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1) If an encrypted split file was scanned, only the first part contains all information about the archive (includes also the encrypted flag)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2) That's the reason why SAVAPI returns only by scanning the first part, that the file is encrypted. Because the engine/avpack can "unpack" the file, but a password is needed to extract it. So the archive was valid.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3) If the following parts (except the last one) are scanned, then the encrypted flag is missing, that's the reason why SAVAPI returns clean for that part of multipart file.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4) If the last part of the archive was scanned, then Archive is corrupt for SAVAPI, because the other parts are missing.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Additional information: Also a unpacker will not ask for a password when try to extract an encrypted split file not by using the first part of that file. The unpacker will return, its not a archive.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Use Sophos AV

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-85063
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 18.0 MR1-1 (18.0.1.396)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                WAF does not permit file uploads in OWA greater than 1 MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                If a file is uploaded which is larger then the limit then message similar to this is visible in the log: 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                [Fri Aug 14 15:41:22.414802 2020] [security2:error] [pid 14238:tid 140229323249408] [client 109.91.34.26:44831] [client 109.91.34.26] ModSecurity: Request body no files data length is larger than the configured limit (q).. Deny with code (413) ….

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                For a workaround please contact support.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-43145
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.5 MR3 (17.5.3.372)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  HA pair becomes unstable if shared port used as the dedicated link is on XG106

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When the user configures HA on XG105r3, XG115r3, XG106r1 shared port (Port4), the HA pair becomes unstable. After the enablement of HA service, Auxilary rebooted first as usual. But the Primary appliance goes in the rebooting phase because of the shared port which takes more time to wake up.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Do not to use the shared port (Port 4) as HA dedicated link.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-84054
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFOS 18.5.2 MR2-Build380 (18.5.2.380) [Dominica.NFM]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SecurityHeartbeat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Configuration Migration Failed due to invalid byte sequence "UTF8"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The backup will not be restored if there is an error with the database tblappstoeps as it may contain invalid byte sequence for encoding "UTF8"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Logs will be seen in Postgres.log

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    772 2022-01-08 03:01:18.064 GMTERROR:  invalid byte sequence for encoding "UTF8": 0xb1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6772 2022-01-08 03:01:18.064 GMTCONTEXT:  COPY tblappstoeps, line 23612
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6772 2022-01-08 03:01:18.064 GMTSTATEMENT:  COPY tblappstoeps (app_id, uuid, app_path, occurrence, last_seen) FROM stdin;

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Please contact Support for a workaround.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-85343
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SFOS 18.5.2 MR2-Build380 (18.5.2.380) [Dominica.NFM]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SFOS 19.0.0 EAP2-Build271 (19.0.0.271) [BoraBora]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Network Utils
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Unable to use "port", "eth" or "ge" when editing interfaces

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • The interface display name starting from “port” or “eth” or “ge“ are not allowed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • The restriction was added for add/edit interface only.  

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      This is an intentional change and customers will not be able to edit/change interface names starting with “port”, “eth” and “ge”.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-85313
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 18.5.2 MR2-Build380 (18.5.2.380) [Dominica.NFM]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • API Framework
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        No Statuscode in API response

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If no , or tag is used after no status will be there in response.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Always use one of these tags after the to get detailed status code messages.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-84550
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            There is a difference between Sophos Firewall local reports and CFR Reports

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The LogViewer can’t log values where bytes values are greater than 32 bit. and reporting is unable to store value, due to which there is a drastic difference between SF reports and CFR reports. In case the number of bytes transferred exceeds the limit which can be accommodated in U32, then it shows the truncated value in the log viewer.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-83527
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SFOS 18.5.1 MR1-GA-Build326 (18.5.1.326) [Cuba]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SecurityHeartbeat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Unable to register Firewall with Sophos Central account due Amazon certificate not present in /conf/

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Customers may face an issue related to the Sophos central registration due to an Amazon certificate not being present in /conf/ directory and gets an error similar to this-

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              32021-11-25 17:28:36 WARN API.pm[13476]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com:443 (certificate verify failed)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Details here: https://support.sophos.com/support/s/article/KB-000043494?language=en_US

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Check if an amazon cert is present. Use this command-

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              openssl crl2pkcs7 -nocrl -certfile /conf/certificate/internalcas/cloud-ca.crt | openssl pkcs7 -print_certs -text -noout | grep Issuer
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              If Amazon CA not existing do the following-

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              mount -o rw,remount /
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              cp "/conf/certificate/internalcas/cloud-ca.crt" "/conf/certificate/internalcas/cloud-ca.crt.org"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              cp "/_conf/certificate/internalcas/cloud-ca.crt" "/conf/certificate/internalcas/cloud-ca.crt"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              mount -o remount,ro /

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Note: No downtime is required for any of the above steps.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-84171
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SFOS 18.5.2 MR2-Build380 (18.5.2.380) [Dominica.NFM]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • L2TP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                L2TP :multiple clients behind NAT'd device causes traffic issues

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                We can not connect multiple L2TP connections behind the same NAT'd device.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Example:-
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                There are 2 Windows clients behind a NAT'ed device over which the clients are connecting to XG using L2TPoIPSec. The tunnels are established fine, but there is an issue with the traffic. Say ping traffic from Windows1 is working for some seconds and then dropped and Windows2 will not see ping response while ping is working from Windows1 and vice-versa.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-84517
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 18.0 MR5-Build586 (18.0.5.586) [Samal]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  firewall rule is not applied for terminal server traffic from Server Protection SATC

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Situation:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The traffic from the terminal Server is not being marked by the User ID as a result that the correct firewall rule is not being applied.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Customer need to join the EAP for New Server Protection Features and confirm the machine is added to the EAP.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Details here: https://support.sophos.com/support/s/article/KB-000038634?language=en_US

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Customer need to join the EAP for New Server Protection Features and confirm the machine is add to the EAP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-81039
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFOS 18.5.1 MR1-GA-Build326 (18.5.1.326) [Cuba]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Licensing
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SFOS gets stuck after a reboot as hyperthreading enabled on hardware blocked the kernel to boot

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Behavior observed:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SFOS gets stuck after a reboot as hyperthreading enabled on hardware blocked the kernel to boot

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The issue will only happen when the SFOS RAM/CPUs are lesser than purchased in the license and hyperthreading is enabled on Dell hardware. SFOS was not able to apply RAM and CPU limit on that hardware if hyperthreading is enabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This will block the kernel to boot.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The issue is observed on SFOS v18.5 MR1 Build 326 installed on Dell R330 hardware.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Disable hyperthreading on the server.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-83108
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SFOS 18.5.1 MR1-1-Build365 (18.5.1.365) [Cuba.ODM]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Config Migration Framework
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Upgrade to v18.5MR1 from v18.0MR6 results in factory reset

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      *Reported Issue:*Upgrading from v18MR6 to v18.5MR1 results in factory default configuration being applied to the device.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Workaround: Downgrade back to previous firmware and upgrade to v18.5MR2. Alternatively you can upgrade to v18.5GA and then v18.5MR1.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Downgrade back to previous firmware and upgrade to v18.5MR2. Alternatively you can upgrade to v18.5GA and then v18.5MR1.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-13934
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 15.01.0 MR3 (15.01.0.447)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Auxiliary sends only some of the configured scheduled reports

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        In Auxiliary appliance if the report don't contain any data then we don't send any report notification to customer. This is intended behavior.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-47523
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 17.5 MR5 (17.5.5.433)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Auxiliary unit sending reports about its own scheduled report

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          In an HA configuration pair, with a scheduled report configured, the auxiliary unit will also generate a report containing data about emails being sent from the unit. These emails being sent as per the attached report, from the auxiliary unit is the report itself.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          There is no workaround.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-16462
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 16.05 GA (16.05.0.117)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Only displayed result will be included while exporting data into HTML/ PDF / CSV

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Only displayed result will be included while exporting data into HTML/ PDF / CSV

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            We can download current page records which is displayed on page through HTML/ PDF/CSV.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Example : Web report total pages 20. If current page 3 then we can download page 3 records through HTML /PDF /CSV.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            We can download report which display on current page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-82331
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SecurityHeartbeat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Missing heartbeat issue in some cases after upgrade to 18.5 MR2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                In 18.5 MR2 we have introduced key encryption for the certificate on FW used by endpoints to heartbeat with firewall. During the upgrade to 18.5 MR2 a certificate refresh has to be done as key has to be encrypted. And this certificate need to be made available to endpoints. If endpoints are unable to get the new certificate from Central, then heartbeat will start failing. This might happen when private DNS Servers are being used.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                To avoid this ensure that the endpoints have network connectivity during the upgrade. Also disable the checkbox “Block clients with no heartbeat" in the firewall rule in case endpoints need access to the internal DNS server to get updates (new certificate) from Central.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                If the system is showing missing heartbeat after the upgrade:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Ensure endpoints has network connectivity so that endpoints can fetch new certifcate from Central. Also disable the checkbox "Block clients with no heartbeat" in the firewall rule in case internal DNS resolution fails.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-81520
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 18.0 MR5-Build586 (18.0.5.586) [Samal]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Hotspot
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Password is not printed on hotspot voucher for bridge to AP LAN and bridge to AP VLAN

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Situation:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When downloading the voucher from the user portal, then the WLAN password is not printed on hotspot vouchers for the types: bridge to AP LAN and bridge to AP VLAN.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The wireless password is only printed on hotspot vouchers for the interface link of "Separate Zone interface(bridge) of Wireless Protection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  It is known behavior that a hotspot voucher doesn't contain the WLAN password for Bridge to AP LAN and bridge to AP VLAN.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Configure Hotspot voucher for interface link type 21 i.e. "Separate Zone interface(bridge) of Wireless Protection".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-80953
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.5 MR16-Build830 (17.5.16.830) [Timor]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.5 MR17-Build837 (17.5.17.837) [Timor.Frag]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Sophos CAA client though seems connected to XG , repeatedly sends "Administrator disconnected you" messages for remote users - Timor.Frag

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Sophos CAA client though seems connected to XG , repeatedly sends "Administrator disconnected you" messages and the CAA agent is grayed out.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The user still shows under live users on the firewall, and is able to access the internet. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This is only happening for customers who upgraded to 17.5 MR16.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Workaround for 17.5 MR16:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Use "username@domainname" instead of the only username for remote users to authenticate via CAA.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  for example:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  testuesr@mydomain.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-77971
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.5 MR16-Build830 (17.5.16.830) [Timor]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.5 MR17-Build837 (17.5.17.837) [Timor.Frag]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Sophos CAA client though seems connected to XG , repeatedly sends "Administrator disconnected you" messages.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Sophos CAA client though seems connected to XG , repeatedly sends "Administrator disconnected you" messages.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Once admin upgrades the firewall to 17.5 MR16 and users get connected over the CAA, but gets repeated pop up "Administrator disconnected you" and CAA agent is grayed out.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  At the time, the user still shows under live users on the firewall, and is able to access the internet.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This issue is not present in v18 firmware onwards.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Workaround for 17.5 MR16:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Use "username@domainname" instead of the only username for remote users to authenticate via CAA.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  for example:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  testuesr@mydomain.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NCL-1394
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Auth Client macOS 2.1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Authentication Clients
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    CAA takes 2-3 minutes to login user on MAC when it comes back from Sleep

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Issue description :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    When MAC books comes up from the Sleep mode its takes 2-3 minutes for the user to be able to browse the internet .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This happens only incase we have a User based firewall rule . It takes CAA around 2-3 minutes to authenticate the user .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Workaround :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The user can disconnect and reconnect the client .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Disconnect the CAA , Reconnect

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-76186
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 17.5 MR14-1 (17.5.14.714)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 18.0 MR4-KONICA (18.0.4.519) [Palawan]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      4X10G FlexiPort Module with new Intel 700 series NVM data and driver not recognized

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Issue :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The 4x10G FlexiPort Modules are not being recognized on Sophos Firewall, the interfaces are being detected as "eth0,eth3"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The 4x10G Flexi modules are not being recognized correctly, the interfaces are being detected as "eth0,eth3".
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The modules cannot be detected correctly and hence making them unusable with the Sophos Firewall.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Only SFOS (Sophos Firewall is affected )

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Affected Sophos Part Number – “XGMOD410PUR”
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Description: 4 ports 10G SFP+ without bypass
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Affected Part S/N Prefix – “M2400XXXXXXXXXX” (with NVM FW 7.20)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Note: Module with same prefix “M2400” with NVM 5.05 doesn’t have this issue.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      To Identify the affected module NVM FW 7.20: Run ethtool -I

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-62786
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 18.0 MR1-1 (18.0.1.396)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • VFP-Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Enabling/disabling firewall-acceleration will bounce the ports

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If the firewall-acceleration is changed on the cli the link state of the affected ports will bounce.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-9124
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 15.01.0 MR1.1 (15.01.0.407)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          STAS not working when AD servers are reachable on WAN

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          STAS is not working if the AD server is only reachable over a WAN conneciton.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-73174
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 18.0 EAP3-refresh1 (18.0.0.285)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Logging Framework
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          LogViewer shows twice DDNS events for Success/Failure.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          LogViewer shows twice DDNS events for Success/Failure.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-69491
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 18.0 MR3 (18.0.3.457) [Mindoro]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Unable to access GUI after auto reboot

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            *Issue:* 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If there is a high number of Radius SSO users logging in at the same time and the firewall reboots then sometimes this may result in web admin is not being reachable after the reboot.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            LAN users can connect and the device is accessible via ssh.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-67790
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 18.0 MR1-1 (18.0.1.396)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • DHCP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              DHCP Not Assigning multiple IP's to same MAC

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              There is a requirement in certain case's where a multiple IP addresses would need to be assigned for a MAC address from different scopes .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              One of the use case is that or the captive portal to work over the bridged interface with a vlan , the AP creates a virtual interface and needs an IP address from the VLAN .
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When captive portal , a virtual interface is created on the AP , which asks for an IP over a vlan , since this is a briged to vlan set-up , and the discover request come's with the MAC address of the interface .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              If one scope is set to static and other to dynamic , the IP assignment doesn't work .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Solution :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Set both the scopes to dynamic .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Set both the scopes to Static .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-68438
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 17.5 MR8 (17.5.8.539)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Web policy rule does not support Users with backslash in the name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Web policy rules do not support users with a backslash in the name.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Example:  in webadmin -> Authentication -> users :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Creating a user with username a\b and saving it will succeed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Using this user in a web policy wont work.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Create a username without backslash or single quote

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NCL-1392
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • STAS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Do we support Secure LDAP port 636 in STAS for Novell eDirectory configuration ?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    *Question:*  

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Do we support Secure LDAP port 636 in the Novel eDirectory configuration of STAS?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Answer:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Secure LDAP port 636 is not supported in the Novel eDirectory configuration of STAS.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-71401
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 18.0 MR4 (18.0.4.506) [Palawan]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • CM (Join to Cloud)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Unable to register XG with Central Manager with email address that contains more than 50 characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Registering XG with Central Manager for remote management functionality fails with error "Temporary error while accessing Sophos Central, please try again".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Root Cause:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      This error could occur due to many reasons, however for this particular issue, the email address being used for registration is longer than 50 characters.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Shorten email address and try again. If you have tried more than 5 times in the last 1hr, the account will be blocked for up to 5 hours. Please wait and try again.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NCL-1309
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • STAS 2.5.1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • STAS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        STAS Users are getting disconnected frequently if dead entry timeout configured other than zero.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        STAS Users are getting disconnected frequently if dead entry timeout configured other than zero.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Dead Entry Timeout does not work and it MUST be set to zero. If the value for the dead entry timeout is configured anything other than zero then such behavior encountered and users may get disconnected randomly.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Need to set the dead entry timeout to zero to avoid user disconnection due to dead entry timeout. It is recommended to use the WMI mechanism in STAS for log-off detection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-71178
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 17.0 GA (17.0.0.80)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Licensing
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Unable to activate or register the XG firewall device with v17.0 MR-10 EAL4+ certified firmware

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Unable to activate or register the XG Firewall device with v17.0 MR-10 EAL4+ certified firmware 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Customer needs to upgrade the XG Firewall firmware to SF v17.5.MR7 or later and activate the appliance.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. Customer can then switch back to SF v17.0 MR-10 EAL firmware and continue using it.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-13946
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 16.01 StagedRelease (16.01.0.190)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 16.01 StagedRelease3 (16.01.1.202)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            STAS users with special characters (' , / ") in their name do not show up on XG

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            STAS users with special characters (' , / ") in their name do not show up on XG. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SFOS doesn't support a username containing special characters.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The user needs to remove the special characters in the username to make it work.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-69439
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 17.5 GA (17.5.0.310)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 18.0 MR1-1 (18.0.1.396)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Policy tester is incorrect for Internet Scheme Web Policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The policy tester is just showing Matched firewall rule ID, matched source, and destination zone. It does not return the webfilter id. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-69633
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 17.5 MR9 (17.5.9.577)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Wildcard Exceptions FQDN host are not visible in SMTP exceptions. - Need clear indication

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                A user interface issue exists in SFOS, reported in v17.5MR9 but also exists in later versions. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                If an Admin adds a wildcard SMTP exception for an FQDN host (Email->Policies and exceptions->Exceptions), the FQDN wildcard entry is accepted and is visible in the UI,  Email -> Policies, and exceptions. However, if the Admin attempts to edit this exception the added wildcard entry will not be visible.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                This is confirmed as a UI issue and we are currently investigating. We have no fixed date or version at this time.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-70369
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 18.0 MR3 (18.0.3.457) [Mindoro]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.5 MR14-1 (17.5.14.714)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Dynamic Routing (OSPF)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Auto interface cost calculation not working

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Issue description : Auto Cost Calculation does not work for OSPF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This is configurable under advanced settings of OSPF .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Workaround :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Uncheck the Auto Interface Cost and Manually Configure the Cost .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NCL-1342
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SATC 2.2.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SATC
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SATC not compatible with Chrome version 84 and newer

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In July 2020, Google Chrome, the new Microsoft Edge, and other Chromium-based browsers moved to version 84. This version removed support for the ForceNetworkInProcess feature used as a workaround for previous versions as per NCL-1114.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Workaround is described here (public link):

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://support.sophos.com/support/s/article/KB-000038634?language=en_US

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Downgrade to version below 84 and apply workaround or move to Firefox.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NCL-1119
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SATC 2.2.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SATC
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SATC provides wrong source port in UDP port 6060 packets while server has InterceptX installed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SATC installed on a server having Sophos InterceptX, installed reports wrong port information in new session details to the XG. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Impact :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If an user attempts to open a TCP connection ,SATC will detect that TCP connection and send an UDP packet containing Login Code, Session ID, Source Port, Destination Port, Destination IP and Username before the TCP connect is completed, SFOS will add a expect based on the information received in that UDP packet.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SATC is unable to detect that TCP connect request thereby not sending any packet to SFOS which results in no expect being added at SFOS side and traffic being dropped. 
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SATC is not sending any information on port 6060 which is used by Sophos Firewall to create an Expect Contrack .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      https://support.sophos.com/support/s/article/KB-000036880?language=en_US

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-55068
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 17.5 MR9 (17.5.9.577)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS 19.0.0 GA-Build317 (19.0.0.317) [Tupai]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      XG 115 Rev. 3 HDMI ports do not appear to be enabled unless a monitor is plugged in at boot

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      XG 115 rev3 models will show no HDMI output unless a monitor is connected before boot up.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-67688
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 18.0 MR3 (18.0.3.457) [Mindoro]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 18.0 MR4 (18.0.4.506) [Palawan]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • HA
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-62850 causes large backup file

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        With 18.0 MR1 there was a case where a backup contained redundant information increasing the size of the backup.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This was fixed with 18.0 MR3 in all cases.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        There was no functional impact for this.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If a larger backup was taken and restored then /conf might be larger then expected.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        In such cases please use the described workaround.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Backups after 18.0 MR 3 are not facing this.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Run commands:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        rm -rf /conf/httpclient/httpclient
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        rm -rf /conf/iview_images/iview_images/
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Re-run backup.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-65961
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 18.0 MR3 (18.0.3.457) [Mindoro]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Misleading Firewall and Web filter logs in log viewer

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Log viewer for 'Firewall' & 'Web filter' component shows 'Allowed' in logging for all the port 80/443 traffic, initiated from WAN to WAN/LAN zone. The user (client) who has initiated traffic from the WAN side will be displayed a 'blocked' page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Note: The actual traffic is being blocked and not forwarded by XG.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-19628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 16.01 StagedRelease3 (16.01.1.202)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Not able to browse internet using IE 11 in protective mode if authenticated through SATC

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Using SATC with IE11 in protective mode is not supported.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-65625
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 18.0 MR3 (18.0.3.457) [Mindoro]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SSLVPN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              OpenVPN CN size limited to 64 characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              OpenSSL limits the CN to be 64. OpenVPN limits the size of the CN to 63 + 1 (null character).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              This limits the @ length to 51 characters because 12 characters random string appended to CN.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Only use usernames + domain with max 51 characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-63535
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 18.0 MR1-1 (18.0.1.396)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Modsecurity not allowing block email senders list modification

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                If the user tries to add any domain or email address on the Page 'Email>> general setting>> block senders', then he'll get the error "Request could not be completed" and the domain or email address would not be added.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 The best possible way to avoid/resolve this is to remove any one of the domain/email address from the block senders list and re-add them again. This resolves the issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-59800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.5 MR9 (17.5.9.577)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Creation of new firewall rules (manually via VPN auto creation) resulting in emails being held on the appliance

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When utilizing the XG Email protection module in MTA mode, this creates an automatic firewall rule for the SMTP traffic at the top of the policy list. If additional rules are created above this rule, this can result in the XG accepting SMTP traffic but then being unable to deliver the mail onto the next hop. This can be seen by the mail queuing on the appliance and time out errors in the /log/smtpd_main.log:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2369   == john.doe@example.com R=default_mx_router T=remote_smtp defer (110): Connection timed out
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2020-02-07 10:57:39.081 [2369] xPlIal-cb3y0D-DL == john.doe@example.de R=default_mx_router T=remote_smtp defer (110): Connection timed out

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This can occur with:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Manually configured firewall rules that include the SMTP service

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Automatically created firewall rules when configuring a VPN tunnel

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   We plan to improve on this behaviour in an upcoming software release

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Ensure that any manually created firewall rules are created below the automatic MTA rule
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Ensure that any subsequent automatically created rules are moved below the automatic MTA rule

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  In the event that mail has already become queued on the appliance prior to the moving of the above rules, contact support for assistance in utilizing the /scripts/mail/replace_firewall_id.pl script to rectify the issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-63913
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.5 MR9 (17.5.9.577)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • IPS Policy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    When XG device in FETCH mode in SFM and user change "Advanced Threat" setting with template, though setting was applied correctly in XG Firewall, SFM event log show failure message

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    When the XG device is set to  FETCH mode in SFM and user changes the  "Advanced Threat" setting with template, though setting was applied correctly in XG Firewall, SFM event log show failure message

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This is known issue for FETCH mode configured devices in SFM only.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In PUSH mode config XG Firewall devices, this issue is not observed.  

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-60294
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 17.5 MR7 (17.5.7.511)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      [CA] user not removed from Liveuser table when logging out

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When using the Sophos Network Agent (iOS or Android) logout could take up to 2h. The APP itself gets disconnected immediately but on the UTM the user is still live which actually means he can still access network resources which should be blocked.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Login to appliance with SSH

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • echo 0 > /content/caaios

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • echo 0 > /content/caaand

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • restart access_server

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Workaround is update and reboot safe

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-60381
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 18.0 GA-SR3 (18.0.0.354)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 17.5 MR9 (17.5.9.577)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        DHCP Blocked with Heartbeat on SFOS

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        **This scenario is observed when the DHCP request comes via a bridge interface and Heartbeat is set to block endpoint communication with RED heartbeat status on the firewall rule with inter-zone communication rule i.e. rule configured for Bridge interface. The MAC address is blocked this would also include the DHCP traffic for affected client machines.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        When packets enter into the bridge interface, we are entering into Netfilter stack from L2 and all the decisions related to packet/connection taken at Layer 2. Now here, what happened is that Packet dropped by Firewall when it enters from the L2 stage. So traffic never submits to L3 (bridge interface) where the DHCP server is listening and DHCP will never get the packet. This issue will only for the client behind the bridge and will not happen for any other interface.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Create a Firewall rule which is positioned on top with Service: DHCP and with no heartbeat settings applied.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-60104
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 17.5 MR10 (17.5.10.620)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Live connection is not shown in Live Connection table for DNAT rule

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Description:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Live connections shown in the live view would not show a connection table entry for DNAT rules. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Reason: While handling the connection table the connection to ZoneID 4 would not be considered in the live connection table. But this would show in Log Viewer and Reporting.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The issue was sorted out due to architecture changes in V18. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-60401
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 18.0 GA-SR3 (18.0.0.354)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • CM (Join to Cloud)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Unable to deregister Firewall or enable "Sophos Central Services" v18

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If the Firewall is registered and central services are accepted by the Central Admin and somehow firewall lost its Central Registration information due to Factory-Reset/Firmware Downgrade.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            On Re-registration and Enable Central Management, Endpoint already known to the Central and Central Management API considers this as a Bad request as Central Services already approved.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Work-Around 1:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Deregister the XG Firewall(If on HA Remove both the Firewalls) from the Central if already registered (XG Local UI-> Central Synchronization -> Deregister)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Remove the Firewall from the Central.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Login to central.sophos.com
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Navigate to Firewall Management.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Choose Firewall row and click on "Remove from Central"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Workaround 2:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The following can be run via the advanced shell:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            /bin/central-register --register -u -p -s
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Once registration passes you can proceed to unregister from Sophos Central GUI

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-59839
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 17.5 MR8 (17.5.8.539)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              XG showing incorrect IP in the outbound email logs and CLI conntracks

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When checking email logs for bounced emails in the UI, IP addresses might be shown as source address which are not configured in the UI. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The log entry is generated for connection table entries, not from the actual routing.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              At point of time of conntrack creation SFOS uses any gateway IP as original source address ( example: Port4: 10.24.255.254) When routing is done on L3 , the decision might be to route that connection via Port 2 - but the original source is unchanged.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              That means the original source is not necessarily used for routing.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-9106
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 15.01.0 GA (15.01.0.376)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Framework part of Base (deprecated)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Mail Notification not working with Microsoft Office365

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Sophos XG does only support the following authentication methods. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PLAIN

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Digest MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CRAM MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                To authenticate agains Microsoft Office 365, one of these authentications methods need to be configured on both ends.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-27452
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.0 MR3 (17.0.3.131)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  GES Question : Do we Support method="RDG_IN_DATA" or method="RDG_OUT_DATA" for RD in WAF

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  We don't have protocol support for Microsoft's RDG  protocol suite which they added with Windows Server 2012 (we only support the "old" MSRPC suite). Whenever such a RDG (2012) connection fails the log contains line stating
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  method="RDG_IN_DATA"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  or
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  method="RDG_OUT_DATA"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  it's a strong indication the lack of protocol support is causing the connection to fail. Currently, this cannot be mitigated using the WAF.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  WAF only supports RPC_IN_DATA and RPC_OUT_DATA, these are the only types enabled when Pass Outlook Anywhere is turned on. All other methods are unsupported

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-58684
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 18.0 GA-SR3 (18.0.0.354)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Firmware Management
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Upgrade from v17.5.x to v18 Build_354 would take more time (approximately 50 minutes)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    XG would take more time (approximately 50 minutes) to upgrade the firmware from v17.5.x to v18 Build_354. This because v18 Build_354 is doing additional checks for file system correction, which would take more time based on the hard disk size and state.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-13632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 15.01.0 MR3 (15.01.0.447)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • RED
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Unable to do offline provisioning of RED 50 device using USB device

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      It is not possible to do offline provisioning for RED50 devices using an USB device without doing an online provisioning first. RED50 keeps on rebooting continuously.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Do an online provisioning somewhere central. After first online provisioning is done offline provisioning is possible.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-42227
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 17.1 MR1 (17.1.1.175)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Authentication Clients
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Question: Are we not supporting SATC with Edge browser

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        We currently don't support SATC with the Edge browser.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-44003
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 17.5 GA (17.5.0.310)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SNMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SNMP query for supportSubStatus and appExpiryDate return unexpected values

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SNMP query for supportSubStatus and appExpiryDate return unexpected values. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          MIB indicates that supportsubstatus should be 1 or 2, but 3 is returned.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          MIB indicates that  appExpiryDate should be a date but the value returned is invalid

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          This will be resolved in the upcoming XG v18 release

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-55423
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 16.05 MR5 (16.05.5.233)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 17.1 MR1 (17.1.1.175)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Network Services (deprecated)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • PPPoE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Difference in Data Transfer Traffic usages between WAN Link Manager and WAN Zone report.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            +Behavior:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            There will be difference in Data Transfer Traffic usages between WAN Link Manager and WAN Zone report.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            WAN Link Manager: Go to Network > WAN Link Manager and click the Manage icon next to the IPv4 or IPv6 Gateway to view data transfer graphs related to that Gateway.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            *WAN Zone reports:* Generated under Monitor & Analyze - Application & Web - Show:User App risks & Usage.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            **

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Data Transfer usages In WAN Link Manager shows Layer 1/ Physical level stats and can be compared against ISP data transfer. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • WAN Zone is the logical entity that works at Layer 3. Based on the traffic passed from specific firewall rule, the WAN zone graph is generated from the connection. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Below statistics of WAN Link Manager and WAN Zone reports explain reason about different Data Transfer traffic usages.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1) WAN Link Manager statistics:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This is the statistics of data transfer at interface level – that is per physical or virtual gateway
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This also includes device traffic – pattern and firmware download, license sync. And unknown traffic/ ping that is handled at that interface by the device
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Device can have multiple interfaces as WAN links and all of them could be in WAN zone. Users can see WAN Link Manager stats per interface, not by zone.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2) WAN Zone Report statistics:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This is the statistics of traffic passed through Firewall rules per Zone
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Traffic destined towards WAN zone can take one of the multiple WAN Links as defined by load balancing configuration and WAN Link weights/ active-backup configuration.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The attached logical diagram would also explain difference between WAN Link Manager and WAN Zone reports.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Data Transfer usages In WAN Link Manager shows Layer 1/ Physical level stats and can be compared against ISP data transfer. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • ISP Data Transfer traffic usages report can be compared with WAN link manager. WAN Zone data transfer report is not meant for that. 
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  


                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-33997
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 17.0 MR6 (17.0.6.181)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SSO client install does not appear to work with RDP sessions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Setup sso client agent following KB 123159

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              log into a machine and it works correctly. When they try and login to the same machine through RDP they get a popup windows that just say default

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Logs will show the following
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\admin1\AppData\Roaming\Sophos\admin1.log

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              05/08/18 17:23:17 Return Message Code From Server Is -- > 5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              05/08/18 17:24:35 Console has been disconnected. Switch user detected. logging out user 
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              05/08/18 17:24:35 Posting End Session....

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Using the SSO client agent with RDP is not supported

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-53986
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 18.0 EAP1 (18.0.0.102)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              For VM deployments, PCnet32 driver shows incorrect negotiation speed (10mbps Half Duplex) on XG UI

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The UI in v18 shows a wrong negotiation speed for virtual machines using the PCnet32 driver. This is only a UI issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-25733
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 17.0 GA (17.0.0.80)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 17.0 MR1 (17.0.1.98)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • IPsec
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Can not see any custom configured IPSec Profiles "that's using PSK and having Aggressive mode enabled" listed after upgrading to V17MR1 although it's being used as a policy in the IPSec Connectiont

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                You can not find/select an IPsec Profile from within an IPsec connection when this IPsec Profile has Aggressive mode enabled and the Connection is using PSK after you upgrade from any version to V17

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                VPN > IPsec connections> select an upgraded vpn connection> Under Encryption > click on Policy, the old custom policy used for this connection is not listed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Reason: Strongswan is not supporting PSK and Aggressive mode for security reason.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Either disable Aggressive mode on the IPsec Profile or Use RSA/Cert for Authentication instead of PSK.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-25749
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.0 GA (17.0.0.80)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • IPsec
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  IPSec v16 to v17 update does not set SHA2 truncation on custom Policy's

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  IPSec v16 to v17 update does not set SHA2 truncation on custom policy.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This will mostly affect tunnels between v16.5 and v17 .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Impact
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The customers migrating from v16 to v17 with IPSEC tunnels configured with the Encryption AES256 and Authentication SHA2 256 on custom policy in Phase-1 and Phase-2 will be affected.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The SA will be established however the traffic will not flow through the tunnel.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  *How to Identify the issue *

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The tunnel status could be verified from the GUI , The Status and Connection will be Green .
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This could be verified from the Advanced shell with uptime .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  #ipsec statusall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Output:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Status of IKE charon daemon (strongSwan 5.5.3, Linux 3.14.22-Aum, x86_64):
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  uptime: 68 minutes, since Nov 20 18:02:23 2017

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The workaround is to enable the SHA2 with 96-bit truncation on v17 policy.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Go to Configure > VPN > IPSec Profiles.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Under General Settings, select SHA2 with 96 bit truncation.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Click Save.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-48871
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.5 MR5 (17.5.5.433)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • L2TP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Username with backslash "\" character are unable to authenticate when logging with domain via L2TP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Username with backslash "\" character are unable to authenticate when logging with domain via L2TP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The character "\" is not supported as part of the username in XG Firewall.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  User can simply check this by creating new user manually having "\" character in username, XG firewall will not allow you to create such user.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  XG Firewall supports authentication with the sAMAccountName username (i.e. asystest) or with the fully qualified username (i.e. asystest@xyz.local)  which works, but not with the NETBIOS format, indifferent of the server.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-42226
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.0 MR6 (17.0.6.181)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SSLVPN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Self signed certificate support as SSL Server certificate in SSL VPN.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Self Signed certificates are not supported as SSL server certificate in SSL VPN . You cannot issue the certificate for yourself but requires a CA to sign / approve server certificate. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    A certificate signed by local CA i.e.  issued by default certificate authority (CA)is supported i.e. certificate "ApplianceCertificate" shown in below screenshot is supported. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-54667
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 17.5 MR7 (17.5.7.511)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Maximum number of simultaneous CAA users

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      XG firewall supports a maximum of 3042 Corporate Authentication Agent connections at the same time.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If the number of users is exceeding this then logs like "Failed to establish connection! Too many open files" will appear in access server log file.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      This number is only for users using Corporate Authentication Agent, Live user count for other authentication mechanism are not included in this limit.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-54697
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 17.5 MR8 (17.5.8.539)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • IPS Policy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "show ips-settings" command display only 8 firewall rules if more are configured

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The "show ips-settings" command in the console only displays 8 firewall rules in case you have configured more.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The related database entry contains all configured firewall rules.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This is only a display issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-33500
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 17.0 MR6 (17.0.6.181)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Unable to get the file that was scanned by sandstorm

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When a file is scanned by sandstorm, Admin get a cannot reach page after scanning (throw by Sophos XG captive portal).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          This is observed When Any to Any firewall rule is configure as DROP.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Create Specific LAN/WAN zone instead of Any zone for DROP firewall rule

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-53094
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 17.5 MR8 (17.5.8.539)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • RED
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            WAN gateway becomes "active" causing RED S2S tunnels to flap

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            When multiple WAN gateways are configured on the XG, any action that causes the backup gateway or the gateway not being used by the RED tunnel to reconnect will cause all RED tunnels to reconnect.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            None

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-47092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 17.5 GA (17.5.0.310)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SSH Session to a target behind a SFOS Firewall show up in LogViewer with delay

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              There might be a delay before an SSH session is shown in the LogViewer.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-42570
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 17.1 MR1 (17.1.1.175)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Unable to access WAF server from LAN if browser proxy is configured in LAN systems

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                When LAN users want to use a webserver protected by a WAF in the LAN zone than those requests don't work. Reason is that requests from the LAN zone will reach the webserver(s) directly without passing the XG.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-38227
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.1 MR2 (17.1.2.225)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • RED
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                RED functionality can't be enabled with a DHCP for the RED on the DHCP page

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                *ISSUE -* Trying to start the RED results in unknown internal error:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                *BACKGROUND -* The customer upgraded the XG 135 to v17.1.2 MR2 and thereafter out of 2 red tunnels only one was showing up on the GUI.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                So they tried to restart the RED service by toggling the RED status but since they turn of the RED configurations on XG, it is not getting enabled back again.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Error message: [Unknown Internal Error occurred]

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                INVESTIGATION:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Following rebind issue logs were found

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Mon Sep 17 04:02:36 2018 REDD ERROR: Rebind of RED devices failed: Failed to get config of all devices: Expected reply from get_object_by_hash() with status
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 200 but got 500 without error message. $VAR1 = {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          'status' => 500,
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          'Records' => []
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        };
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                REDD: Red::Backend->enable_feature_event failed; result 520

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Browser debug shows the following:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                {transactionID: "5690", status: 520, message: "", opcodeMessage: "Enabling RED feature failed",…}
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                entity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                {map: {country: "AU", Entity: "redconfiguration", ___serverport: 65003, ___component: "GUI",…}}
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                map
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                {country: "AU", Entity: "redconfiguration", ___serverport: 65003, ___component: "GUI",…}
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                APIVersion
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "1701.1"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Entity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "redconfiguration"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Event
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "UPDATE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                city
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "Narangba"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                country
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "AU"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                currentlyloggedinuserid
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                currentlyloggedinuserip
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "127.0.0.1"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "licensing@ahe1.com.au"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                mode
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1320
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                organization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "Atlas Heavy Engineering"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                status
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "1"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                transactionid
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "5690"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ___component
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "GUI"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ___serverip
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "127.0.0.1"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ___serverport
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                65003
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ___serverprotocol
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "HTTP"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ___username
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "support"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                message
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ""
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                opcodeMessage
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "Enabling RED feature failed"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                redirectionURL
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ""
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                status
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                520
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                transactionID
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "5690"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Looks quite similar to the JIRA NC-27578
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                I am attaching the combined logs

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 for the following :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CSC DEBUG
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                RED
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                TOMCAT DEBUG
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                APPLOG
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                APACHE

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                and CSCHELPER 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Backup of the unit - 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ACCESS ID

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                05894141-f8b9-3615-ba4d-cb876759c539

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-51322
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.1 MR4 (17.1.4.254)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Chinese characters in mail subject not displayed correctly within the quarantine digest mail

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Chinese characters in the subject of quarantined mail are not displayed correctly within the quarantine digest mail. The display in the GUI itself is correct, but appears garbled in the quarantine digest email only.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Changing the encoding used in the end user's mail client to encoding to UTF-8 acts as a workaround for this issue. We also have plans to resolve this in a future software update but no timelines on this currently.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-43721
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Half duplex not working on upper four ports of XG125/135 Rev.3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  XG125/135 Rev.3 does not work with Halfduplex in any setting on Port 1,2,3,4.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Port 5,6,7,8 will work with halfduplex.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-39407
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 16.05 GA (16.05.0.117)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.0 GA (17.0.0.80)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.1 GA (17.1.0.152)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.5 GA (17.5.0.310)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Networking (deprecated)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Policy Based Routing on Reply/Return Traffic Only Is not Supported

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    We do not support Policy Based Routing (PBR )on return traffic on any version prior to v18

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-43682
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 17.5 GA2 (17.5.0.321)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Mail queue being delayed/failed after update to v17.5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Any manual change to the disable_offline_relate is lost during a firmware upgrade.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If, prior to an upgrade, the /static/proxy/smtp/scanner.conf file has been changed to set the disable_offline_relate setting to 'no' this will be lost during a firmware update and will need setting again.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      We plan to introduce a GUI option to set this option that will persist through a firmware upgrade in a future release

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Once firmware upgrade is complete edit /static/proxy/smtp/scanner.conf and update the disable_offline_relate again

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-42364
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 17.5 GA (17.5.0.310)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Networking (deprecated)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        IPSEC route precedence not applying as expected

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        System route_precedence is configured to give VPN Routes a higher priority than Static Routes however the XG firewall is not sending the expected traffic over the IPSEC tunnel and instead routing it via a matching static route.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This occurs if there is a static or local route that directs this traffic to a non-WAN zone. The route precedence command only applies to traffic that is destined for a WAN zone 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        In this scenario manually creating an IPSEC route for the remote subnet will resolve the issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        E.g
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        console> system ipsec_route add net 192.168.1.0/255.255.255.0 tunnelname

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Hitting tab twice after tunnelname will show a list of available tunnels.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-13637
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 16.01 StagedRelease (16.01.0.190)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Routing (deprecated)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Route Precedence not followed in case of PBR and RED S2S

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Policy based routes for RED interfaces are not working.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-19478
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 15.01.0 MR2 (15.01.0.418)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Clientless Access(HTTP/HTTPS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Access of websites (HTTP/HTTPS) containing UTF-16 chars in the URL by bookmark is not possible

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Clientless Access feature requires rewrites HTML links within the response document, to ensure that links work for users outside the proxy. If website contains URL links with UTF-16 encoded special characters like example below, then site will not open properly using Clientless Access(HTTP/HTTPs) feature

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Example:. http:\u002f\u002fportal.example.com  -> contains character encoded in UTF-16 format

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-35231
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 17.1 GA (17.1.0.152)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • ATP Framework
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Limit on adding Threat Exceptions.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Let us know if there is any limit on adding Threat Exceptions under Protect - Advanced Threat - Advanced Threat Protection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              *Web Admin:* _Protect - Advanced Threat - Advanced Threat Protection_

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • There are no limitations to add Threat exceptions.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • However there is a limit of 128 characters for the "length" of Threat exception.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-35230
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 17.1 GA (17.1.0.152)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Wireless
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Maximum number of Wireless Networks that can be created

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Limit on adding number of wireless networks.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Web Admin: Protect - Wireless - Wireless Networks

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • There are no limitations on creating Wireless Networks.  

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • However there is a limit of "8 SSIDs/Networks" that can be assigned to a Single Access Point. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-13659
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 16.01 Beta3 (16.01.0.144)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SecurityHeartbeat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Host information on ATP Flipside not updated

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  On ATP flipside, host information for blocked sources is displayed. This information is not updated, the flipside needs to be manually reloaded/re-opened to see changes (e.g. host states green, red, missing)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-13639
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • CaptivePortal
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      [CaptivePortal] Problems with UTF8 names

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Local user with names that contains umlauts (ööööööö) cannot login (if the login is happening via AD / STAS then a login is possible.)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Local user with with special characters ( UTF-8) could not becreated , even existing AD user with those name cannot login.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-19476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 15.01.0 MR1.1 (15.01.0.407)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Clientless Access(HTTP/HTTPS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Unable to access SSL VPN Clientless Access Connection via HTTP(s) bookmark

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Access of HTTTP/s bookmark to web servers which contains JavaScript based dynamically generated URLs is not possible.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-32298
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Random slow down of the SG430/SG450 with busy disk and less disk I/O

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            a small percentage of SG and XG 430/450 Rev.1 appliances not being accessible  anymore except via serial. This is caused by a SSD software/firmware issue. The serial console output shows the errors:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reboot and Select proper Boot device

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Insert Boot Media in selected Boot device and press a key

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • I/O error on SDA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SQUASHFS error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This issue is based on problems with the Solid State Disk (SSD) firmware. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If you have an SG or XG 430/450 Rev.1 that is experiencing issues like those shown above, please contact Sophos Support for further instructions. If possible go ahead and make a backup with one of the KBA's mentioned below:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-13636
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • VPN (deprecated)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                L2TP connection with PSK to mobile phones not possible

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                No L2TP connection is possible to mobile phone with Android (5.0.1 on Samsung S4) or iOS (10).
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Both negotiated successfully IPsec phase 1 (main mode) but fail negotiating phase2 (quick mode).
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Log excerpt from /log/ipsec.log, valid both for Android and iPhone connection attempts:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:33 "l2tp"[1] 10.147.34.103 #15: STATE_MAIN_R2: sent MR2, expecting MI3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:33 "l2tp"[1] 10.147.34.103 #15: Main mode peer ID is ID_IPV4_ADDR: '10.147.34.103'
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:33 "l2tp"[1] 10.147.34.103 #15: I did not send a certificate because I do not have one.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:33 "l2tp"[1] 10.147.34.103 #15: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:33 "l2tp"[1] 10.147.34.103 #15: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:33 "l2tp"[1] 10.147.34.103 #15: Dead Peer Detection (RFC 3706): enabled
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:33 "l2tps"[1] 10.147.34.103 #15: ignoring informational payload, type IPSEC_INITIAL_CONTACT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:33 "l2tp"[1] 10.147.34.103 #15: received and ignored informational message
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:34 "l2tp"[1] 10.147.34.103 #15: cannot respond to IPsec SA request because no connection is known for 10.8.18.51:17/1701...10.147.34.103:17/%any
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:34 "l2tp"[1] 10.147.34.103 #15: sending encrypted notification INVALID_ID_INFORMATION to 10.147.34.103:500
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Oct 06 10:46:37 "l2tp"[1] 10.147.34.103 #15: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x635c829e (perhaps this is a duplicated packet)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-18385
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    WAF - redirect to original requested path after form-based auth (SFOS)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    After the successful form-based authentication the user is always redirected to the defined path in the corresponding site path routing profile and not to the original requested path of the user.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-19479
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 16.05 MR1 (16.05.1.139)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Clientless Access(HTTP/HTTPS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Some websites could not be accessed through clientless access

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Website which strictly require the destination domain in the URL host part could not be accessed through Clientless Access.  An example for this is CNN.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-13618
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 15.01.0 MR1.1 (15.01.0.407)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Clientless Access(HTTP/HTTPS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Unable to take GUI access of local appliance via clientless http(s) bookmark

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Webadmin access through an clientless access VPN bookmark on the same appliance is not possible.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-9641
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 15.01.0 MR2 (15.01.0.418)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          RPC not working when Common threat filter is enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Outlook Anywhere is not working when CTF (Common Threat Filter) is enabled in Business Application Rule.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Disable CTF (Common Threat Filter) in *Web App Protection Policies

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-9132
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 15.01.0 MR1.1 (15.01.0.407)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Websockets not supported for WAF

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            WebSockets is an advanced technology that makes it possible to open an interactive communication session between the user's browser and a server. Sophos XG Firewall only supports WebSocket passthrough starting from version 17.0, in earlier versions this functionality of Webserver Protection is not availableos XG.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-9102
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 15.01.0 MR1 (15.01.0.398)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Hotspot
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Custom Logo is not displayed in Hotspot login page if Hotspot name contains whitespace

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              A Custom logo is not displayed if the Hotspot name is including a whitespace.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Dont use whitespaces in Hotspotnames

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-9063
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 15.01.0 GA (15.01.0.376)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Error message while creating Hotspot

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Its not possible to create a Hotspot with an HTML file name through SFM which contains a space.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                -------------------------------------------------------------------------------------------------------------------------------------

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Dont use spaces in file names.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-8888
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 15.01.0 GA (15.01.0.376)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • VPN (deprecated)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  IPSec site to site between SFOS and SonicWall is not working in Aggressive mode

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  IPSec Site-to-Site VPN with SonicWall is not supported with Aggressive mode

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Use Main Mode

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-13598
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 15.01.0 MR3 (15.01.0.447)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10G SFP+ Network cards on Software Appliance are not recognized

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    – After installation of SFOS v15 MR3 on Super Micro X10SDV-TP8F, the Dual 10G SFP+ Network cards from D-1500 SoC are not recognized anymore.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    – Issue is also reproducible in SFOS v16

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    More about device specifications can be found here :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://www.supermicro.com/products/motherboard/Xeon/D/X10SDV-TP8F.cfm

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    – Output of Dmesg related to Ethernet is shown below
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    – Output of lspci is needed by developers to analyse further

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    6.505941] e100: Intel(R) PRO/100 Network Driver, 3.5.24-k2-NAPI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    6.512798] e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    6.523049] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    6.538388] i40e: Intel(R) Ethernet Connection XL710 Network Driver - version 1.1.23
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    6.547374] igb: Intel(R) Gigabit Ethernet Network Driver - version 5.0.5-k
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    6.587508] igb 0000:07:00.0: Intel(R) Gigabit Ethernet Network Connection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    6.634442] igb 0000:08:00.0: Intel(R) Gigabit Ethernet Network Connection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    6.819952] igb 0000:0b:00.0: Intel(R) Gigabit Ethernet Network Connection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    7.002801] igb 0000:0b:00.1: Intel(R) Gigabit Ethernet Network Connection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    7.190630] igb 0000:0b:00.2: Intel(R) Gigabit Ethernet Network Connection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    7.378468] igb 0000:0b:00.3: Intel(R) Gigabit Ethernet Network Connection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    7.380785] igbvf: Intel(R) Gigabit Virtual Function Network Driver - version 2.0.2-k
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    7.386529] ixgb: Intel(R) PRO/10GbE Network Driver - version 1.0.135-k2-NAPI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    7.397845] Intel(R) 10 Gigabit PCI Express Network Driver - version 3.17.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    7.399517] ixgbevf: Intel(R) 10 Gigabit PCI Express Virtual Function Network Driver - version 2.12.1-k
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    7.481665] QLogic/NetXen Network Driver v4.0.82
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [    7.586272] tehuti: Tehuti Networks(R) Network Driver, 7.29.3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    No workaround available

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-14880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 16.01 StagedRelease3 (16.01.1.202)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SFOSv16 : 'Enforce Safe Search' is applied globally in v16

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      – Safe search is enforced globally and on all the policies without any exception once it is enabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Issue reproduction :
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      – Use the default 'Allow All' policy from the Web Protection policies
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      – Enforce the policy in a firewall rule and enforce safe search
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      – Try to search a word which shows explicit results, you would see that explicit results will be filtered even though safe search ins disabled
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      – Even youtube would enforce safesearch in this case

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Now disable 'Enforce Safesearch' option and do the same search with caution. You will see all the related results which is explicit in content.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NC-17457
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SF 16.05 MR1 (16.05.1.139)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Networking (deprecated)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        username for PPPOE interfaces is limited to 50 characters.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The username field for PPPOE interface configuration is limited to 50 characters.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If the username is more than 50 characters for eg: john.doe0123456789012345678901234567890123456789@example.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Use the workaround described below

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Insert any dummy username in the GUI PPPOE interface config where username is less than 50 characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Goto the advanced shell and enter:=> psql -U nobody -d corporate (Go to corporate DB)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        => corporate=>update tblpppoeconf set "user"='john.doe@example.com';

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        After applying the above command do disconnect the pppoe connection and reconnect again to bring the changes into effect.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-17808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF 16.05 GA (16.05.0.117)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Wrong decoding if a policy with 'Change prefix Subject' is configured with Umlauts.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • In Legacy Mode, Configure a policy with Action : Prefix Subject with Umlaut (Ü,Ä,Ö) in the prefix. The email prefix subject is incorrectly decoded.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NC-22206
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SF 16.05 MR5 (16.05.5.233)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Clientless Access(HTTP/HTTPS)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Bookmark of websites that require NTLM authentication don't work in clientless authentication

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Bookmark of websites  that requires NTLM  authentication in clientless access will not work.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NC-22372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SF 16.05 MR7 (16.05.7.305)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Missing Prefix Subject with IMAP and several Mail Clients

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When using IMAP, prefix subject (Spam) is not visible in many e-mail clients unless specifically selecting the message.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Some of the Mail Clients download only root header's from Server before downloading full Mail. SFOS IMAP proxy doesn't scan headers for spam checking as headers are not enough information to detect spam. IMAP proxy scan Mail for spam when mail client download full Mail.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-22697
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 16.05 MR6 (16.05.6.266)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Citrix Base web application (www.bimco.org) is not working with Allow ALL Web Policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Issue: Citrix Base Web Application (www.bimco.org) is not working with Allow ALL Web Policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                In transparent mode, Citrix clients are not aware of the fact that there is an http/https proxy in between, thus it starts talking a proprietary protocol (not http/https) using http/https ports which is not understood by the proxy, which in turn results in a kind of stalemate (proxy is waiting for client request, while Citrix client is expecting something from server first).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Due to the above behavior, launching an .ica file with any Citrix web or application based will fail.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                For workaround, user must have a hole punched in firewall to the bimco.org ip address(es) to launch the ica file..

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1: Allow none web policy in LAN-WAN for destination addresses associated with www.bimco.org and launching the ica file.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2: Allow all web policy in LAN-> WAN

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-27906
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.0 MR3 (17.0.3.131)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Legacy mode doesn't support retry of E-Mail

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If greylisting is enabled on server side all subsequent mails are getting rejected. This is because Legacy Mode doesn't support retry of E-Mail. If E-Mail fails to send, Legacy Mode Proxy generates Notification and inform Sender. So, as per greylisting, failed E-Mail should retried but this is rejected with Log entry "451 Temporary local problem, please try again!"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https://community.sophos.com/kb/en-us/131686

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-29363
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 16.01 MR1 (16.01.2.222)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 16.05 RC1 (16.05.0.098)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Unable to boot XG's in HA when using 4x10GE SFP+ flexi module

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Issue : The device doesnt boot up after HA takeover when the unit is equipped with 4x10GE SFP+ flexi modules

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  How to identify :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • After a HA takeover the following BIOS error appears 'PXE-E01: PCI Vendor and Device IDs do not match' 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • This is resolved after removing 4x10GE SFP+ flexi modules everything works fine.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • This could be noticed only sporadically after 4-5 reboots

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Root cause and Fix :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This is caused due to old BIOS versions. The latest BIOS version of XG devices is R1.02, this is not affected by this issue. This can be verified during the startup or by interrupting the startup by pressing TAB or DEL. For older devices we have the steps to upgrade BIOS manually. Please contact Sophos support.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NC-30324
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF 17.0 MR3 (17.0.3.131)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Firewall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Internal hosts cannot ping remote access SSL VPN

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SSL VPN user can ping to LAN but LAN can not ping to SSL VPN.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If both SSL VPN and Policyrouting is configured for a destination network then by default policyrouting is enabled That is because routing precende by default is doing policyrouting first. To change this routing precendence needs to be changed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This could be done via console:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    console> system route_precedence set static policyroute vpn

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     To reach the destination through SSL VPN the static route precendence has to be the firste entry in the routing precendence table.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Checking the actual status could be done via console :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    console> system route_precedence show

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Routing Precedence:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Static routes

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Policy routes

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. VPN routes

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NC-8891
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF 15.01.0 MR1.1 (15.01.0.407)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CHAP or CHAPV2 in L2TP & PPTP VPN with AD Configuration is not working

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        VPN Authentication for IPSec / L2TP / PPTP is not working with AD.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Use Authentication method PAP instead

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NC-26865
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Link/Act LED glowing on Port3 & Port4 even ports are disabed in XG85/w, XG125/135/w

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              For XG85/w and 125/135/w Port 3 and Port4 Link/Act LEDs are glowing without the port being enabled and configured.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NC-29938
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SF 17.0 MR3 (17.0.3.131)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Networking (deprecated)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Issue with Static Route.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                A static route cannot apply to the system for the connected network i.e. any static route cannot be configured for connected networks. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Ex:-

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Any interface configured with IP 192.168.115.115/24 then system kernel will not add the route for static route
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                '192.168.115.0/24 via 10.250.41.21'.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NC-30996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.0 MR6 (17.0.6.181)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SF 17.1 Beta3 (17.1.0.147)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • VirtualAppliance
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Random NIC order with more than 3 NICs on VMware vSphere

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Due to a VMware Issue on vSphere a random network interface mapping occurs with more than 3 network interfaces on SFOS. This happens only on vmxnet3 and e1000e NIC driver.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Use e1000 or flexible (pcnet32) NIC driver

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Sophos Firewall Manager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Last updated: 25 Feb 2021 - 10:09:04
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NCCC-10142
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SFOS Compatibility in SFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SF Compatibility
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SFv17.5Compatibility: Device is un-sync after adding/updating IPS rule

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Device is shown as unsynced for upto 5 minutes after changing/adding an IPS rule in SFM at device level.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Note: Device comes in sync after few minutes and configuration is applied.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NCCC-10121
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFM 17.1 MR2 (17.1.2.300)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFM 17.1 MR3 (17.1.3.200)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SFM-SCFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SFM and SCFM do not support upgrade to v18 firmware

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    You are unable to upload v18 firmware to SFM devices to deploy to XGs running v17.5.x devices.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Trying to upload the file gets to 97% and then nothing happens.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This is a known issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Load firmware manually to XG

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NCCC-10092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • CFM 17.1 MR3 (17.1.3.xxx)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SCFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Red Configuration is not pushed at group level

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When applying RED configuration from CFM group level in the System services module the configuration will fail with the error message: _Data is invalid and cannot be synchronized on the device._ 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      This issue is observed for SF 17.5.MR11 onwards because of UI for SF 17.5.MR11 onwards for RED configurations has been changed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Use single device management by selecting device from Select devices and then applying configuration for RED

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NCCC-9355
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFOS Compatibility in SFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SF Compatibility
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        XG signature compatibility issue with SFM

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SFM has default IPS signature set and XG appliance supports signature set based on RAM size.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If Admin pushes signatures from SFM then signature will be displayed on XG based on RAM size and other signatures wouldn't be display even Admin see the success message on SFM UI. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NCCC-10100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • CCC-10.6.5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • CCC-CCMS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          User unable to download and upgrade Cyberoam firmware from CCC

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          User unable to download and upgrade Cyberoam firmware from CCC

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          User can upgrade the Cyberoam firmware from Cyberoam UI.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NCCC-10088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • CFM 17.1 GA (17.1.0.132)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SCFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            CCL logs are not being populated with changes applied to a CCL enabled device in SCFM

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            CCL not being populated with changes applied to CCL enabled device in SCFM

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Example

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            XG has CCL enabled on it,

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Created a test object called "asdf3_delete" with IP "7.7.7.7" on SCFM and pushed it to the device.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • The XG received the object and created it successfully.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • But no CCL log has been generated in SCFM.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NCCC-8757
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • CROS Compatibility in CCC
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SCFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              CCC Template import is not working with 10.6.6 MR-5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              CCC Import Template is not working with 10.6.6 MR-5. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Template is imported successfully but it is imported without any configuration Data.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NCCC-9498
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • CFM 17.1 GA (17.1.0.132)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SCFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CFM is not communicating at all with all XGs on syslog

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SCFM connection tracking gets full which results in XGs working with syslog port/protocol from being able to sync fully or templates to be pushed.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                There are no plans to fix this issue and as such we recommend using HTTPs instead.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Use https instead of syslog

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NCCC-9147
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • CFM 17.0 GA (17.0.0.101)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SCFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SCFM doesn't push the template to XG

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  In some cases it seems like SCFM can't push the template to the device. In fact it just takes a very long time to do this ( could be a few hours).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NCCC-8270
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • VFM 17.0 VarioSecure GA (17.0.0.111)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SFOS Compatibility in SFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SF Compatibility
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Compatibility 17.5: Web Proxy Configuration General setting is not supported for SFOS v17.5 in SFM/CFM template import functionality.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In SFM/CFM import template support for Web Proxy Configuration General setting is not supported for SFOS v17.5.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     Web Proxy Configuration import template does not support for Web - General Settings - HTTPS Decryption and Scanning and Web-General Settings for SFOS v17.5.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NCCC-5288
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SFM 16.05 GA (16.05.0.157)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFM-SCFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      No option to 'Create Network' in SFM , VPN

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      There's no option to 'Create' a network for Local or Remote S2S VPN, only choosing from the one manually created before, same behavior also in the Firewall rule.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NCCC-3576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SFM 15.01.0 MR-1 (15.01.0.425)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Base System
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        HA is not supported in Virtual SFM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • HA is only supported for Hardware SFM devices

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • HA is not supported in Virtual SFM

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        No Workaround

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sophos Switch

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Last updated: 20 Oct 2022 - 11:23:18
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NSW-2436
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • 2022.36.Central
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Cloud-Backend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Switch Firmware (01.2.1091) does not synch LAG into Central

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Switch Firmware (01.2.1091) will not synch locally created LAG into Sophos Central configuration.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Any locally created LAG interface needs to be de-activated locally and re-created in the Central UI.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NSW-2176
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • EAP0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Senao-Firmware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The uplink indicator is not shown on the local UI if the ports are part of a LAG group

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The switch local UI shows the uplink indicator only for standalone ports, not for ports that are part of a LAG.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Uplink tick is marked in the switch local UI only for individual ports.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSW-2175
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Cloud-Backend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Cloud-UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Duplicate sites can be added from Sophos Central

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Admin can add multiple sites with the same name in Sophos central.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Issue-1: Due to slow Internet connectivity or some other reason, if the user clicks on the Save button multiple times after entering the site details, multiple sites with the same name could be created.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Issue-2: As a byproduct of issue-1, when the user tries to move switches from one site to another site multiple times, a race condition might occur: the switch will be visible under the original default site but the configuration applied might be the one from a custom site.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NSW-2178
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • EAP1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Switch-Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  VLANs created on the switch local UI are not synched with Central

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  VLANs created in the switch local UI are not synched with Central.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Central to switch config sync is allowed, but the reverse sync is not available currently.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  User common observation:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  I have three VLANs in my switch, but Central does not show them correctly.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSW-2179
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • EAP1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Senao-Firmware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Port management: Central UI uplink port identification is not being updated when the local UI uplink tick is lost or updated with dealy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [ Intermittent issue ] When moving an uplink cable from one port to another, sometimes it might take more time for the uplink tick to come, even in the local UI. Under these circumstances, the port status event is sent, but the uplink status moves to 0; after a few seconds, the uplink status changes in the local UI, but, at that time, no events are sent to the Central UI.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The faulty status won’t change until the user will update something or a port refresh event will trigger the uplink state refresh on Central UI.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NSW-2181
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • EAP1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Senao-Firmware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SFP port link state not shown correctly on local UI for CS210-24FP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The CS210-24FP switch model sometimes shows the SFP port 25 with LED link UP on the switch hardware panel, but, in the switch local UI, the same port is not shown as link UP. Sometimes, the SFP module details page port details are reflected, but the Port status is not updated properly.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NSW-2174
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • 2022.06.Boomer
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Cloud-UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Unsupported copper port speed option is listed in port setting UI for CS210-24FP/48FP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CS210-24FP/48FP allows the configuration of 2.5 Gb/s and 10Gb/s interface speeds on all copper ports in the UI.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The configuration is allowed in the UI but denied when tried to be set. An error will be thrown as unsupported port speed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Ports 1-16 only allow 1Gb/s interface speed. Port 17-24 allow 2.5 Gb/s interface speed. Port 25-28 allow 10Gb/s interface speed (SFP+).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NSW-2177
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Cloud-UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Cloud UI - Switch alert counter doesn’t go beyond 100 from switch list page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The Switch alert counter doesn’t show beyond 100 from switch list page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Whenever there unread alert count number increases beyond 100 then UI doesn’t get increment. However alerts continue to generate and get updated in Central alert page. This is just alert counter increment issue but functionality will continue to work.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Switch alerts in summary page is limited to a count of max 50.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            When there is the 51st alert for a switch, the admin doesn't get notified from the Switch inventory page/Switch details page. The count remains 50. However new alerts ( 51th ) will be displayed on the Central alerts/Dashboard page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If admin acknowledges the previously received alerts then the count will reduce ( New alert no. = 50 - no. of alerts acked ) and new alerts count will increase thereafter. If admin doesn't Ack the alerts and just reads from the dashboard, the alert count on the inventory page will reach the max of 50 and will never show additional alerts. Those alerts are still visible on the Central Dashboard page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Whenever unread alert counter reaches to 100, switch list page doesn't show further incoming alert count. In this case admin can view the latest alert from Central dashboard - Alert section and view the latest/all the unread alerts. This section will list alerts beyond hundred count.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSW-2182
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • 2022.18.Deadpool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CLI: Invalid special characters are allowed to configure from Switch CLI mode

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The following characters could be entered in CLI mode configuration but do not produce expected result.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                List of denied special character list → " % & ? ' ! ; | +

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Components affected:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Static Mac Address

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • System name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • System location

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • System contact

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • MAC ACL Name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • IP ACL Name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • IP6 ACL Name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Config RMON Event

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • [RMOM] Alarm Owner Config

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • [RMOM] History Config Web

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                This issue specifically applies for configuration done from CLI mode, Hence any of these name change required can be updated from Switch GUI as UI doesn't allow deny special characters list as input.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NSW-2180
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Senao-Firmware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Password rules for Sophos Switch passwords

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Before Switch FW version 01.0.980 there was an error message indicating that a password is invalid. That message didn't indicate the rules for a valid password. With FW version 01.0.980+ the error message changed to reflect the rules for a valid password. Those rules are:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Minimum length 10 characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Must contain at least 1 letter (not case-sensitive)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Must contain at least 1 digit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Must contain at least 1 special character from the following list: @!%*#

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NSW-1788
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Switch Registration screen regarding SSL/TLS Decryption

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Sophos Switch must be able to reach the following FQDN domains in order to successfully register the switch:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          sophos.jfrog.io
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Using SSL/TLS Description will cause the connection to fail due to certificate chain handling, as a result, the decryption must be disabled on appliances between the switch and the internet or the domains added to exclusions on those appliances.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Note: Refer additional info added in comment section

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Sophos UTM Manager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Last updated: 26 Aug 2021 - 14:58:12
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NSU-357
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SUM 4.309
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Basesystem
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Unable to schedule SUM update past 31/dec/2019

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Unable to schedule SUM updates from the Management > Up2date section past 31/dec/2019.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Inspect the year select element in your browser and change any year to 2021 in the source. Select that year and click save.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSU-344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SUM 4.309
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Accd
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SUM only accepting weak ciphers on ACCD port 4433 which fails the PCI compliance check
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SUM's ACCD service port 4433 only accepts weak ciphers that fail the PCI compliance check.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SUM offers all the ciphers which don't support 'Forward Secrecy(FS)' and are considered to be weak ciphers.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • We don't have any plans to fix this issue. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • For security hardening and as a workaround, UTM's should be accessing the SUM locally or through a VPN only. The SUM access from the direct external network should be blocked. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              For security hardening, UTM's should be accessing the SUM locally or through a VPN only. The SUM access from the direct external network should be blocked.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NSU-343
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SUM 4.309
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • WebAdmin
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filter action pushed with 1000+ URLs is not working

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Pushing URL filter list with 1000+ URLs may not work in all cases.  On the UTM side they will appear all gibberish and will not apply to web traffic. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 Note this may not affect every web filter policy over 1000+ URLs. It is possible to have some that are over 1000+ and not have the issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Patch is available through support

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NSU-325
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SUM 4.309
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Basesystem
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Importing web exception with 'Refer to Sandstorm' enabled generates error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When importing a web exception from UTM into SUM that has the "Refer to Sandstorm" options ticked a "Syntactic object verification" error is displayed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Temporarily disabling the "Refer to Sandstorm" from the exception should allow the exception to be imported

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSU-292
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SUM 4.308
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • WebAdmin
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  IPv4/IPv6 Icons missing for objects deployed by SUM

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  After activation of IPv6 (on UTM), SUM deployed IPv4/IPv6 Network Objects will have a placeholder icon on Webadmin.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSU-212
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SUM 4.302
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Accd
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    object import fails because the system encountered an internal error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In some cases the object import from a gateway via the Gateway manager fails.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If this happens you see one of the following messages:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "The system encountered an internal error. Please contact your administrator if the issue persists".
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "syntactic object verification failed"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Those messages appear if a not fully qualified hostname is used, like e.g. Testsystem10.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    use a fully qualified domainname as hostname

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Sophos Web Appliance (SWA)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Last updated: 02 Mar 2021 - 07:20:59
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NSWA-1718
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SWA 4.3.7
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Cannot download root certificate from the Setup Wizard

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      In the Setup Wizard, clicking 'Install Root Certificate' does not prompt the admin to download the certificate.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The certificate can be downloaded after setup by visiting the 'HTTPS Scanning' section in the configuration.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NSWA-1665
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SWA 4.3.9
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Full web control client fails to load policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SEC management endpoints using full web control with the web appliance failing to pull policy correctly and do not apply the policy any more

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        On endpoint it keeps trying to register with the swa
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        only message in the wsa_swad.log is registered successfully and nothing else

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Issue occurs when policies have rules for special hours but no default special hours enabled. The policies should show a yellow ! mark on them saying they are not in use. To resolve the issue just remove the special hour rules from additional polices, or enable the default special hours again.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NSWA-1356
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SWA 4.3.2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • HTTP Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CIDR exclusions not honored in HTTPS-Scanning exceptions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          With HTTPS-Scanning active,

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          HTTPS-Scanning exclusings in CIDR-Notation will only be honored if the HTTPS-Request is via IP and not via FQDN.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Example.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10.1.2.0/8 is exluded

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Site server.internal.domain resolves to 10.1.2.3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Accessing the server via it's IP of 10.1.2.3 will be excluded from HTTPS-Scanning

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Accessing the server via it's fqdn of server.internal.domain will have the traffic scanned

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NSWA-992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SWA 4.2.1.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reporting / Recent Activity Search
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Reports do not show graphs for the first hour after midnight. Graphical reports will not show values between 12AM and 1AM.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Reports do not show graphs for the first hour after midnight. Graphical reports will not show values between 12AM and 1AM.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSWA-1034
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                need to whitelist talk.google.com from HTTPS scanning

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Users who want to be able to communicate using the stand-alone version of Google Talk, you must add both talk.google.com and www.google.com to the HTTPS scanning exemption list.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Note that adding www.google.com to the HTTPS scanning exemption list can potentially prevent search terms from being logged, if https://www.google.com_ is used to perform a search. Alternatively, instead of adding _talk.google.com and www.google.com to the HTTPS scanning exemption list, you can instruct your users to launch a web-based version of the application from within Gmail.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NSWA-1028
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  AIM and HTTPS Scanning

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Users will not be able to access AOL Instant Messenger (AIM) if you have HTTPS scanning or certificate validation enabled. The workaround for this problem is to either set the site as globally allowed or add the AOL Instant Messaging server(s) to your Configuration > Group Policy > Local Site List and set the Risk Level to Trusted. Also, you must either turn Certificate Validation Off, or add that server's certificate authority by entering the AOL Instant Messenger server's Site address and clicking Get Certificate in the Add certificate from a web site section of the Configuration > Global Policy > Certificate Validation page. As the URL and IP address(es) of the AOL Instant Messaging server(s) may differ depending on your geographical region, and may change over time, you must discover this information by disabling HTTPS Scanning and Certificate Validation, and then having one of your users access this service (use AOL Instant Messaging). You can then check the Search > Recent Activity Search > By User for that user to find the AOL Instant Messaging server's URL(s) and IP address(es).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSWA-1064
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        When AD Detect is looking for the AD domain, only the primary DNS is used

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        When the DNS servers in the* Configuration > Network > Network Interface* page are specified manually, only the first DNS server is used to lookup the Active Directory domain when you run Verify Settings in the Configuration > System > Active Directory page. The first DNS server configured in the Configuration > Network > Network Interface page must be able to resolve the Active Directory domain.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NSWA-1262
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SWA 4.2.1.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • HTTP Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CIDR in LSL is not properly evaluated

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Currently if one assigns a Tag to a non-/32 IP, the policy will not pick up the Tag and follow the additional policy set.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Workaround:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Assign the tag "MasterCIDR" to IP-Address 0.0.0.0/32

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Add an additional policy that grants access to the tag MasterCIDR and place it at the end of the Policy.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NSWA-1122
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SWA 4.2.1.2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Local Site List entries disappearing without aparent reason

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When modifying the Local Site List in two or more TABs/Windows, it is possible to overwrite the changes made in the first session by a second session.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              To avoid this, verify that only one active Session is managing the Local-Site-List

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NSWA-996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Create Auth Bypass rule for CRL in Portal Certificates

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                When using a portal certificate, Safari on Mac will attempt to connect to the certificate revocation list (CRL) URL before displaying the portal. Because authentication is not complete, the URL is blocked by the appliance, and the portal is not displayed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                To resolve this:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                On the Config > System > Connection Profiles page, create a connection profile for Mac OS X.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                On the Config > System > Authentication page, in the Profiles tab, create an authentication profile that references the Mac OS X authentication profile. Ensure that this authentication profile applies to all connections, that it is applied only to the CRL URL, and that it bypasses authentication.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                For more information, see the Configuring Connection and Authentication Profiles example in the help.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NSWA-1084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Alert messages to Sophos are not sent when email is hosted externally

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Alert messages are not sent from the appliance to Sophos Support if your email is hosted externally, such as by an ISP, and SMTP authentication with that mail server is required.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NSWA-1082
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Notification Page on IE

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The notification page for HTTPS blocked pages are always displayed in English on Internet Explorer 7 despite any localization setting.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSWA-1080
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Firefox develops a memory leak when displaying the Web Appliance Administrator web interface.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Firefox develops a memory leak when displaying the Web Appliance Administrator web interface.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSWA-1078
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Active Directory page doesn't work with credentials with utf8 characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If the administrator's Username entered in the Configuration > System > Active Directory page contains UTF8 characters, the username will not be saved properly and it will cause "Invalid Credentials" errors on subsequent logins. To prevent such errors ensure that the administrator username you select does not contain any UTF8 characters.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NSWA-1076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Known limitation with Autodesk

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              In order to use certain Autodesk applications, such as Land Desktop, AutoCAD Map, Raster Design, Survey, Viz, Architectural Desktop, Revit, and Civil 3d, autodesk.com must be added to the Local Classifications as a trusted site.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NSWA-1074
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    when downloading a malware in one window, firefox does not display company logo/message on another window for eicar.com

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If the Web Appliance attempts to display notification pages in more than two tabs of Internet Explorer, only the first two notification pages will display. This is a deliberate Internet Explorer limitation—only two connections are allowed per server—, documented in http://support.microsoft.com/kb/282402, which therefore cannot be addressed by the Web Appliance.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NSWA-1072
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "SPN" formatted username not supported

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Service Principal Name (SPN) formatted usernames (for example, user@domain) are not supported when applying policy to a user. Usernames must be in the Down-Level Logon Name format (for example, DOMAIN\username).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NSWA-1070
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                HTTPS does not work if ISA Server is used as upstream proxy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                If an ISA Server is used as upstream proxy of a Web Appliance, you will be unable to:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Install the Web Appliance within the ISA Server perimeter (specifically, the Install Wizard's Connection Test will fail)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Access secure sites from clients

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Establish remote assistance sessions between the Web Appliance and Sophos Support
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This is a known issue for both ISA 2004 and ISA 2006:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • http://support.microsoft.com/kb/941293/

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • http://support.microsoft.com/kb/920913/

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Note: Placing your ISA Server in a downstream (client side) location in your network relative to the Web Appliance remains the preferred network deployment option.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NSWA-1068
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Explain why the patience page always displays in English when ftp-over-http in IE6 and IE7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The patience page that is displayed when using FTP-over-HTTP in Internet Explorer is always in English as Internet Explorer does not include the “Accept-Language” attribute-value pair in the HTTP request. (For an explanation, see the FTP-over-HTTP glossary entry.)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NSWA-1066
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            WS1000 does not display blocked pages when elements of a website come from blocked sources

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Occasionally, web pages from an allowed site will contain images or other resources that are linked in from blocked sites. These content resources will be blocked, which may leave the resulting page looking broken. This is the expected behavior and can only be changed by either allowing the content from the blocked site or blocking the allowed site that contains the blocked resources.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSWA-1062
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Unable to signin to Yahoo! instant! messenger! when certificate validation enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Access to Yahoo! Messenger is disabled when certificate validation is turned on. To enable access to Yahoo! Messenger, Certificate Validation must be turned Off in the Configuration > Global Policy > Certificate Validation page. Alternatively, Certificate Validation can be turned On, but you must add the certificate used by Yahoo! Messenger in the Configuration > Global Policy > Certificate Validation page. Yahoo! Messenger uses multiple servers, but each of these use the same certificate, so you can get this certificate from any of the following servers: 216.155.194.149, 98.136.113.168, or 98.136.113.173.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSWA-1060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        FTP over HTTP limitations with IE

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        A limitation in Internet Explorer prevents usernames of the forms DOMAIN\username, domain.tld\username or username@domain.tld from working with FTP sites that require authentication. Instead, only the simple username should be used for FTP sites. If it is necessary to use one of the three listed forms, you should use the Firefox browser instead. For more information, see the associated Microsoft knowledgebase article.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NSWA-1058
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              eDirectory Authentication

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When the Sophos Web Appliance uses eDirectory to identify users, the following issues may occur:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Terminal Server assigns the same address to multiple users. The Web Appliance resolves identification conflicts by selecting the user with the most recent login time. Only the user logged in last is identified correctly.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Users may log in on multiple workstations using the same account. For the first login, the Web Appliance caches and uses the correct username for Group Policy. For subsequent logins, the Web Appliance uses the workstation's IP address for Group Policy. It is recommended that you avoid logging in from different workstations.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NSWA-1056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In transparent mode, with AD auth on, credentials are not taken if first transaction is https

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    When an appliance configured in transparent mode and with HTTPS scanning enabled reboots, users who have their default page set to an HTTPS site will not be properly authenticated to Active Directory. To avoid this, users can configure their default homepage as an HTTP site rather than an HTTPS site.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NSWA-1054
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Reports with missing hour

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Reports do not show graphs for the first hour after midnight. Graphical reports will not show values between 12AM and 1AM.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NSWA-1052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Google chat is not working with IE if IE is not configured to use HTTP 1.1 through proxy connection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Various software, including Quicktime and Yahoo Messenger, may require HTTP 1.1 through proxy connections. To enable this for Internet Explorer:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NSWA-1050
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Blocking of internal sites

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      To block access to internal sites (ones that your internal DNS will resolve to an internal domain), you will need to create multiple entries in the local classifications for each applicable FQDN. If you do not do this, users will be able to bypass filtering by entering the unqualified internal hostname. For example, for a server on your network called testbox that is available on two domains, you would need to add testbox.domain1.com, testbox.domain2.com and testbox to the Local Classifications.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NSWA-1048
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Web Appliance Webinterface may slow down when activating the Remote Assitance

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The Web Appliance web interface can slow down or freeze when enabling Remote Assistance. Once the request succeeds or times out it will return to normal. Proxy usage is not affected.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSWA-1046
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Firefox and NTLM authentication

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Various sites generate occasional credential pop-ups when using Firefox with NTLM authentication turned on, and configured to Authenticate all requests.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSWA-1044
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Reports may hang if appliance under heavy load

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        While the appliance is under heavy load, the Blocked Sites and various Users reports may take up to a minute to generate.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NSWA-1042
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              local Windows Update Servers should be trusted

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              If you have an internal Windows update server, add its hostname as a trusted site to the appliance local classifications to ensure that there are no interruptions in your local Windows update service. Automatic Windows Updates via Microsoft's sites are unaffected.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NSWA-1040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ISA 2000 issues with upstream proxy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  There can be a performance problem when using the ISA 2000 with an upstream proxy, such as the Web Appliance. For the solution, see http://support.microsoft.com/kb/317822/en-us.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSWA-1038
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      User is asked for credentials when trying to open stream media

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Users may be prompted to login when trying to open stream media with Windows Media Player 9. This issue is related to two Microsoft knowledge base issues:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NSWA-1036
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          MS Office Activation on Vista will not work with NTLM when not joined to the correct Domain

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Users that are not connected to the same Active Directory domain to which the Web Appliance is connected will experience problems using applications (such as Microsoft Office Activation) that do not prompt for credentials. These applications will fail to connect to the internet through the proxy because they do not automatically provide the correct domain user credentials for the domain used by the Web Appliance, nor do they prompt (like a browser would) for the user to enter their correct name and password. Either have these clients connect to the proper Active Directory domain or add the IP address of the problem system to the Allow unauthenticated browsing for the following IP addresses list in the Configuration > System > Active Directory page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NSWA-1032
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            WS1000 KI to mention the importance of MS08-024 for IE

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            In Internet Explorer, some websites or pop-ups may not display properly and the user may receive "Web page cannot be displayed" or "Object expected" error messages. This is a known Internet Explorer issue, and is due to an Internet Explorer update not getting installed. To remedy this issue, please ensure that you have installed cumulative security update MS08-024. For more information, see Microsoft KB947864.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSWA-1030
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Real Player

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              When a RealPlayer client is operating behind a strict firewall, you must configure RealPlayer to use the "HTTP Only" option to connect to the Internet, even though this option tends to deliver a more intermittent playback than other options. Alternatively, you can open port 554 on your firewall.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NSWA-1026
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Need to document workaround to access ESx000 UI w/ certificate validation turned on

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Enabling certificate validation blocks access to Sophos Email Appliances that are using self-signed certificates. To enable access to Sophos Email Appliances, add them to the HTTPS scanning exemption list in the Configuration > Global Policy > HTTPS Scanning page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NSWA-1024
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Saving settings on Network Interface page produces 'Problem Saving Settings' message when proxying through WSA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If you are proxying through the Web Appliance to access the Web Appliance's Administrator web interface, saving settings in the Configuration > Network > Network Interface page may cause an erroneous "Problem Saving Settings" message to be displayed in the status bar at the bottom of the page. To avoid this and other subsequent problems, it is strongly advised that you access the Administration Web Interface through a direct, non-proxied, connection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSWA-1022
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Improve documentation on why we are blocking range requests

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    HTTP range requests, or partial-content requests, are used by download accelerators and for large PDF files to download partial "ranges" of a file. These are only allowed by the Web Appliance for trusted sites. This is by design. Partial files cannot be scanned for viruses or other malware, so allowing HTTP range requests only makes sense for completely trusted sites.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NSWA-1020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Some languages / fonts not supported in exported report PDFs

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The Web Appliance's PDF generation library does not support all character sets, so Active Directory user names that use unsupported character sets do not render correctly.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NSWA-1018
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SMA bypass does not work when joining with hostname but accessing by IP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If a Web Appliance is joined to a Management Appliance by entering the Management Appliance's fully qualified domain name into the Hostname text box in the Configuration > System > Central Management page, but an administrator subsequently accesses the Management Appliance's Administration Web Interface by using the Management Appliance's IP address while proxying through the Web Appliance, the usual policy bypassing applied to that access is ignored as the IP address will not be recognized as being the Management Appliance.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NSWA-1016
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ICQ's default connection settings won't work with the proxy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            By default, the instant messaging application, ICQ, connects to login.icq.com through port 5190, which will not work with the Web Appliance. To be able to connect, ICQ must be reconfigured to use port 80 for this connection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSWA-1014
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Local Site List entry with unused tag should notify the admin

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Currently, you can add a Local Site List entry with an unused tag which can take precedence over a Local Site List entry with a used tag, potentially disabling the used tag. To prevent this, always ensure that all added tags have actions configured in the* Configuration > Group Policy > Additional Policies* wizard.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NSWA-1012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Bridged/transparent setting cause Cisco switch to shut down its port

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If you change a Web Appliance from explicit to either bridged or transparent mode, it causes interoperability issues with the spanning-tree calculations of Cisco switches. This can be overcome by running spanning-tree bpduguard disable for the appropriate port on the Cisco switch.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NSWA-1010
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Issues with Adobe Flash Player

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    By default, the Adobe Flash player uses port 1935 to receive streamed content. The Sophos Web Appliance does not block this traffic (unless you have configured your policy to block Adobe Flash video), but it is common for firewalls to block traffic through this port. If you find that you are unable to view Flash videos in your network, and you have not explicitly blocked access to Adobe Flash video in your policy, open port 1935 access on your firewall. Other solutions are available, but are beyond the scope of the Sophos Web Appliance documentation; however, you can examine the options discussed in this Adobe article: http://www.adobe.com/devnet/flashcom/articles/firewalls_proxy02.html.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NSWA-1008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Router requires WCCP restart when "mismatched forwarding method" case encountered

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When a proxy with an incompatible forwarding method attempts to join a Web Cache Communication Protocol (WCCP) service group, the Cisco router correctly detects that an unusable proxy has joined, but it does not update the router's record. To correct this, you must disable WCCP on the router, and then re-enable it, clearing the list of known routers.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NSWA-1006
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Docs: Dashboard unique users could be double counted in load balancing mode

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        In load-balancing mode, some unique users may be double-counted on the Management Appliance dashboard when one of the load-balanced appliances becomes temporarily unavailable.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NSWA-1004
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Endpoint can't re-register with a SWA it has previously registered to

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If an endpoint registers with a Sophos Web Appliance (SWA) or Sophos Management Appliance (SMA), then registers with a second, different SWA or SMA, it will then be unable to re-register with the first SWA or SMA.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NSWA-1002
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Endpoint to Sophos Web Appliance (SWA) communication does not work with non-SWA proxies that use ActiveDirectory authentication.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Endpoint to Sophos Web Appliance (SWA) communication does not work with non-SWA proxies that use ActiveDirectory authentication.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NSWA-998
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • SWA 3.9.4.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Admin UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Manually Backup Download fails in IE8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Manually downloading a backup using Internet Explorer (IE) may fail. This can be caused by certain combinations of settings. The description of the issue and its resolution for IE v9 can be found in this Microsoft support article, while the description and resolution for earlier versions of IE can be found in this Miscrosoft support article.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                UTM

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Last updated: 12 Sep 2022 - 06:42:53
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-13616
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.7 MR11 (9.711)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Wireless
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Roaming between APX and AP models is not supported

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Roaming between APX and AP models is not supported

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Legacy AP to APX and vice versa roaming won’t work as its not supported due to different driver constraint.  

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTM-13534
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM 9.7 MR7 (9.707)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Throughput when doing speed tests while using web proxy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    When using services that test network speed for individual devices, results may indicate lower than expected bandwidth when web filtering is enabled. This is generally due to the way that traffic is received, scanned, and forwarded by the UTM’s web proxy and the need to ensure that resources consumed by a single connection does not impact resources available for other traffic on the network. It does not represent an overall limit on the bandwidth that can be handled by the firewall – under normal use conditions, the UTM handles multiple parallel connections from different endpoint devices which allows parallelization of processing and allows the full bandwidth of the network connection to be used.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTM-13194
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM 9.7 MR8 (9.708)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SPX portal 404 NO SUCH USER after upgrading to 9.708

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The SPX portal throws a 404 when users clicks on the register link in the registration email.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Open registration email and click the link to register. This should take you to page that asks to enter password, instead you see 404 and a error message that says “no such user”
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Resetting the account and sending the email again gets the same error message.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Please contact support to get a prefix.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Select an SPX template with the sender set password. This will require the sender to add [secure:] to the subject where is the password for the encrypted PDF. The password will need to be shared in a secure manner like a phone call.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Note: If the Outlook encrypt add-in is used, users will still need to mark the email with that tool to encrypt. Users without outlook client will need to add the header X-Sophos-SPX-Encrypt: yes to the email before sending.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTM-5222
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM 9.4 MR2 (9.404)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        missing account link/binding in pop3 database

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The pop3 mailaccount bindings will not store correctly to the database if no prefetch server is configured.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        As a side effect, a user will not be able to release items from the quarantine if no prefect server is specified.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-4996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.4 MR2 (9.404)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Webpages with Encoded Slashes Not Allowed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Non-standard Webpages Not loading With WAF .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          If there any encoded slashes in the URL responsible for Loading the Web pages those URL would not load and are replied with 404 by WAF although the resource exists on the backend server .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           The signs for identifying such an URI is it contains slashes in encoded format (%2F)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The Apache directive AllowEncodedSlashes is set to No by default for security reasons. This means Apache will reply with a 404 to every request containing encoded slashes. Setting the parameter to NoDecode is not an option since that setting is not compatible with mod_proxy since it would result in double encoding .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The reason why the endcoded slashes are not allowed is that you can access locations that were otherwise restricted. E.g. if you have a location configured for /something on example.com and you access example.com/something%2F..%2Fadmin, you can reach a location that might have no site path configured in WAF. This is for setting AllowEncodedSlashes to yes.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          More information would be at

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          https://httpd.apache.org/docs/2.4/mod/core.html#allowencodedslashes

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-5043
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.35 MR2 (9.353)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Recipient verification not working with Microsoft Global Catalog (LDAP over SSL using port 3269).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Recipient Verification is set to verify recipients in Active Directory and messages to non-existant recipients are not rejected as expected.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            After you confirm that recipient callout works with port 3268 and without SSL you could try the following:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            In WebAdmin create a "New network definition" in Definitions & Users >> Network Definitions >> Network Definitions tab. Set its type to "DNS Host" and enter the DNS hostname for the Active Directory server. After we click on the Save button we can use this definition with the Authentication Server in Definitions & Users >> Authentication Services >> Server tab.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-6650
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.4 MR6 (9.409)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SQL_INJECTION Critical warned instead of blocked

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Webserver protection is only warning on SQL injection instead of blocking.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              reverseproxy logs will show ModSecurity: Warning message and does not block the connection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              This was caused because the following where added to the skip filer rules list
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              981203, 981176, 981204

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              These rules are need to decide if the SQL inject should be blocked, because they are not done the SQL inject is not blocked.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-8000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.35 SR3 (9.355)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Failed node's quarantined e-mails can't be released

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                On UTM quarantine directories are sycned across all nodes. Any e-mail quarantined on a node is synced to the node directory across all nodes - this is valid also for "RESERVED" nodes.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Directory structure:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                spool/quarantine//

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Spool directory:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                /var/chroot-smtp/spool

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                E-mails on HA systems are by design not automatically syned if there is a failover. To retrieve e-mails of a failed node the administrator has to copy the e-mails manually.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Copy e-mails from the failed to the current node (ID):
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                spool/quarantine// to spool/quarantine/

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                After this restart the SMTP:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                /var/mdw/scripts/smtp restart

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-8001
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.4 MR8 (9.411)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SMTP 'cannot parse spamd' error allowing spam

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The logs show the following error message
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2017:03:03-18:59:57 example-utm exim-in[8500]: 2017-03-03 18:59:57 1cjx77-0002D6-0E spam acl condition: cannot parse spamd output

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This issue is being cause because the spam lookup module is failing to connect to the lookup servers

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTM-9276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM 9.5 SR1 (9.504)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    E-Mail Quarantine behaviour

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Is it expected behaviour that the retry time includes the time a mail was in quarantine

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If a mail was moved to quarantine and was released later the mail server rejects the mail with a temp error 421.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Instead of a retry the UTM logs "retry timeout exceeded" and sends a bounce message to the sender.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTM-9457
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM 9.5 SR2 (9.505)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SPX attachments with # in file name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When an email is sent with an attachment and that attachment has space then # sign the SPF truncates the name of the attachment in the encrypted pdf. The attachment cannot be opened

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      example file name
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "Test #1.pdf"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      In the pdf it will say 'Test' you cannot open or save the attachment from the pdf when this happens

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PDF meta XML parsing of "#" character after space is not supported by pdf utility used for SPX

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTM-9453
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM 9.5 MR3 (9.503)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Non-ASCII Character : Bypass valid SPF Record

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Domain which have a valid SPF Record could bypass the SPF checking if you send a non-ascii character in the HELO string.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Example : If there is a domain test.com with SPF Record

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        v=spf1 mx a ip4:X.X.X.X -all

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        when you try to telnet into the server and try sending a non-ascii character in the helo string the SPF check fails .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        system-1:/var/log # telnet test.com 25
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Trying X.X.X.X ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Connected to test.com
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Escape character is '^]'.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        220 mail.lochem.nl ESMTP ready.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        HELO test♥.nl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        500 non-US-ASCII characters are not allowed in SMTP commands
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        mail from: test@abc.in
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        250 OK
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        RCPT TO:XYZ@example.com
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        250 Accepted
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ^]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        telnet> quit
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Connection closed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Reason : When EHLO/HELO is missing or rejected by exim, the spf check will fail due to missing EHLO/HELO.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        We already have behavior that rcpt will be accepted in such case of spf fail.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Workaround : Enable Reject invalid HELO/ missing RDNS

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-10388
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.5 MR7 (9.509)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        What is Max_processes Max

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Question: What is the max_processes max setting  for the WAF service ?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        There is no max value for this setting. The limiting factor will be how much memory is available, which then depends on how many features are being used on the UTM.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Suggestion is to increase the max_processes value slowly, making sure there's enough memory on the SG to handle it.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-11151
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.6 MR1 (9.601)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          UTM not decrypting S/MIME messages from Gmail

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          UTM is expecting an encrypted signed message. It reverts it by decrypting the message first then verifies the signature.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Google Gsuit signs, encrypts and signs the encrypted mail again. The UTM does not know how to process/verify these emails.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-12382
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.7 MR1 (9.701)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • WAF
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            WAF Content-Encoding disabled with common threat filtering enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            WAF compression not working with "Common Threat Filter" enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If Client requests encoding like gzip WAF will not send back this encode content if "Common Threat Filter" is enabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Disable command threat filter

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-12608
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.7 MR5 (9.705)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Email
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Supported S/MIME versions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Which S/MIME versions do we support in UTM?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Sophos UTM supports the following S/MIME versions:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Using the command line, you can define which S/MIME version Sophos UTM uses:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The confd option "encryption_utility" can have these values:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              smime: Sophos UTM handles S/MIME version 2 (default)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              cms: Sophos UTM handles S/MIME up to version 3.1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-13328
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.7 MR7 (9.707)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                VLAN limitations based on chipsets on network modules

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The number of VLANs supported per interface is dictated by the Ethernet Controller used by the NIC.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                82599ES based ethernet controllers support up to 64 VLANs.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                XL710 based ethernet controllers support up to 256 VLANs, but share forwarding/routing tables with other features and this number is smaller in practice. It ranges between 100 and 180 depending on features in use.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The aforementioned Ethernet Controllers are used by the following NICs:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Other modules may support more or less VLANs.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                An indication that the threshold is being crossed is the existence of the following log in dmesg (or kernel.log on UTM):

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                i40e 0000:04:00.0: Error I40E_AQ_RC_ENOSPC, forcing overflow promiscuous on PF

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                If the log above is being seen, lower the amount of VLANs per interface and spread them across multiple interfaces until the logs are no longer generated – this should improve performance.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NCL-1394
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Auth Client macOS 2.1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Authentication Clients
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CAA takes 2-3 minutes to login user on MAC when it comes back from Sleep

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Issue description :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  When MAC books comes up from the Sleep mode its takes 2-3 minutes for the user to be able to browse the internet .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This happens only incase we have a User based firewall rule . It takes CAA around 2-3 minutes to authenticate the user .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Workaround :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The user can disconnect and reconnect the client .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Disconnect the CAA , Reconnect

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NCL-1392
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • STAS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Do we support Secure LDAP port 636 in STAS for Novell eDirectory configuration ?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      *Question:*  

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Do we support Secure LDAP port 636 in the Novel eDirectory configuration of STAS?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Answer:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Secure LDAP port 636 is not supported in the Novel eDirectory configuration of STAS.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NCL-1309
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • STAS 2.5.1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • STAS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        STAS Users are getting disconnected frequently if dead entry timeout configured other than zero.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        STAS Users are getting disconnected frequently if dead entry timeout configured other than zero.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Dead Entry Timeout does not work and it MUST be set to zero. If the value for the dead entry timeout is configured anything other than zero then such behavior encountered and users may get disconnected randomly.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Need to set the dead entry timeout to zero to avoid user disconnection due to dead entry timeout. It is recommended to use the WMI mechanism in STAS for log-off detection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-12689
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.7 MR5 (9.705)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Access & Identity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          RDweb Apps via HTML5 VPN portal not working

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The HTML5VPN portal offers RDP connections and HTTP / HTTPS connections.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          HTTP / HTTPS connections are for accessing a web server.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          RDWEB is accessing an RDP server via HTTPS to use apps/clients via RDP.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Acessing RDP systems via an HTML5VPN HTTPS connections is not supported and there is no plan to support this in the future.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          To use RDP use an  RDP connection from the HTML5VPN portal.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          None

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-12630
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.7 MR5 (9.705)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            IPv6 link local address disappear

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            In IPv6, the local link address is created and assigned to an interface by Linux system when the interface is brought up. The interface will lose its link local address if it is brought down

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This issue will occur in the following scenario:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            i) There is ethX (IPv6 global address and link local address) and ethX.VLAN and both of these are up
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ii) A new global IPv6 address is assigned to ethX
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            iii) After assigning newer IPv6 address, then ethX losses its link local IPv6 address

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Work-around for this issue

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-12469
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.7 MR3 (9.703)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Access & Identity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            HTML 5 VPN Black box over cursor with Windows 10

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            When using the HTML5 VPN portal to RDP into a Windows 10 machines the cursor some times shows as a black box.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Attempted to change the cursor on the RDP machine same issues (but different box shape)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            N/A

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-12432
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.4 MR8 (9.411)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Access & Identity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Not possible to use 2 IPsec Remote Profiles with PSK and XAUTH

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              It is not possible to use 2 or more IPsec Remote Profiles with PSK and XAUTH enabled at the same time.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Use only one profile with PSK and the other profiles with certificates

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-12332
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.7 MR4 (9.704)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • RED
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                RED site-to-site tunnels reconnecting at random intervals (utm to SG/XG)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                A change in the RED-Client in UTM Firmware version 9.7 MR4 (9.704) leds to UTM site-to-site tunnels to disconnect and reconnect in random intervals.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                A Pre-fix RPM is available for 9.7 MR4 and 9.7 MR5. Only the client side of the tunnel is affected.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The fix is scheduled to be included in 9.7 MR6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-12187
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.7 GA (9.700)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Access & Identity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                [HTML5 VPN] HTTPS connection type doesn't work

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The HTTPS part of the HTML 5 portal only support TLS 1.0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                It is recommended to use WAF instead of HTML5 VPN as it has better support and a more granular control.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-11856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Sophos Connect: Cannot authenticate user with german umlauts

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Sophos Connect for the time being only supports Ascii characters, no umlauts or UTF-8 or UTF-16.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTM-11670
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Allow arp broadcasts option

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Allow ARP broadcasts explained

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ARP is a broadcast protocol which means every machine in the broadcast range needs to receive the ARP in order to communicate which each other. This option does not apply to all ARP requests as it does not apply to the Ethernet targeted MAC address. All ARP requests will have Ethernet target MAC address as broadcast address. This option only applies to certain ARP requests, which have the ARP target address set to broadcast address. This is not the same as the Ethernet target MAC address.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Here is an example of the Frame this applies too. Bold is what the UTM will check.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Ethernet II, Src: Sophos_10:0e:00 (00:1a:8c:10:0e:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Destination: Broadcast (ff:ff:ff:ff:ff:ff)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Address: Broadcast (ff:ff:ff:ff:ff:ff)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Source: Sophos_10:0e:00 (00:1a:8c:10:0e:00)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Address: Sophos_10:0e:00 (00:1a:8c:10:0e:00)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Type: ARP (0x0806)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Address Resolution Protocol (request)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Hardware type: Ethernet (1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Protocol type: IPv4 (0x0800)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Hardware size: 6
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Protocol size: 4
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Opcode: request (1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Sender MAC address: Sophos_10:0e:00 (00:1a:8c:10:0e:00)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Sender IP address: 192.20.250.2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Target MAC address: Broadcast (ff:ff:ff:ff:ff:ff)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Target IP address: 192.20.250.1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-11638
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.7 MR1 (9.701)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • RED_Firmware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Possible RED 50 issue after 9.605

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            An issue has been identified which affects RED 50 devices in UTM 9.600 onwards.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The UTM 9.600 onwards introduced an issue which, in some cases, might cause RED 50 devices to disconnect and NOT connect back. This has resulted in the devices becoming unusable or ‘bricking’. There is a possible issue with bad block handling and the flash developing a more significant amount of bad blocks that is causing the issue . 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If you are affected by this please open a support ticket.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-11285
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM Auto Scaling on AWS R14 (9.60x)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • AWS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            GES Question : Queen interface Alias IP to Workers

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            UTM on AWS the Queen interface syncs Alias IP to Workers .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Currently, adding or deleting Alias IP objects on Queen would reflect on the Workers as Queen as the controller node,

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Updates on Alias IP objects would not be reflected on Workers due to the filter mechanism designed .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Workaround :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If the customer wants to use alias ips on their worker nodes, they can do the following for each alias ip:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1. Create alias ip object and select which interface it's aliasing to.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2. After the alias ip has appeared on each Worker's node, change its attributes through Worker's UI.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3. Verify that the changes to alias ip should stay at Worker all the time until the Queen decides to delete it.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Also, use Queen to toggle on/off the alias ip's status.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-11315
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.6 MR5 (9.605)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Duplicate DHCP Static IP entries allowed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              UTM will allow multiple host objects to have the same IP address. This means multiple MAC addresses can be assigned to the same IP and there will be no error or warning message that his has been done.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The DHCP service will only give the IP out to the first machine to grab the IP address. All other machines will get an APIPA address (169.254.0.0/16)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-11045
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.6 MR1 (9.601)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • HA/Cluster
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                GES Question: conntrackd synchronization

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                After a firmware update or an ha-takeover from an Active-Passive HA System, it can happen that the conntrack synchronization is interrupted.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                This will cause the re-establishing of connections.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-11359
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.5 MR6 (9.508)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Routing table for LAG is getting removed after disable the HA active-passive

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Routing table for LAG interface is removed if HA is disabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This happens if HA is being disabled and there are VLAN interfaces on top of the LAG interface.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Reboot the system.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTM-9722
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM 9.4 MR6 (9.409)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Kernel
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SG430 / SG 450 with interface issues in a specific combination

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Affected models:-
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SG430, SG450, XG430 and XG450 using 8x1G Copper Module in Slot A with 4x10G Fiber Module in Slot C combination.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Issue condition:-
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Error can be seen only during reboot/power cycle (more than 4-5 reboot/power cycle).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    None of the Ethernet Interfaces could be visible in ifconfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Error Message:- PCI Vendor and Device IDs do not match!

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Technical Root Cause:- 8x1 Coppler Module PCI-E root from CPU has detected and configured LAN chip of i350AM4 but failed to be configured with upstream/downstream PCI-E port.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Issues will happen only using 8x1G copper module in Slot A with 4x10G Fiber module in Slot C:-
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. 8x1G copper module doesn’t detected during multiple reboot.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2. Appliance doesn’t boot after post with error ”PCI Vendor ID and Device ID doesn’t match”
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3. Appliance stuck after post, no boot at all.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Note: Issue can be seen only in case of mutiple reboot/power cycle (more than 4-5 reboot/power cycle).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Temporary Solution:- Just reboot the device will detect the interface again and working normal.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Permanent Solution:- SG afftected models must be upgraded to latest official BIOS version.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Affected Bios Version

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SG 430 - R1.04 (11092015) or any lower version

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SG 450 - R1.03 (11092015) or any lower version

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTM-4405
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM 9.4 MR1 (9.402)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UI Framework
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Webadmin not reachable with IE11 when md5 signed certificate is used since change from NUTM-3311

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      TLS 1.0 had been disabled in 9.402.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      TLS 1.0 enables downgrade attacks, this tremendously weakens the overall security of connections. As a consequence MD5 signed certificates are no longer working for Webadmin and User Portal with Internet Explorer 11.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The issue can be avoided by using a certificate signed with SHA256. A appropriate certificate can be created using the Webadmin:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Management > WebAdmin Settings > HTTPS Certificate > Re-generate WebAdmin Certificate

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If the Webadmin CA also uses MD5 the CA needs to be re-generated too.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      For this please follow the steps provided in "4. Regenerate Certificates and regarding CAs - For WebAdmin:"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      in the following KBA:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      https://www.sophos.com/en-us/support/knowledgebase/120851.aspx

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTM-10897
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM 9.6 MR1 (9.601)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Temporary network interruptions with certain network settings

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      There can be a temporary disruption of network connectivity under one of the following conditions:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. dns_group is configured with a specific interface instead of "Any"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2. Monitoring host is a DNS host

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Work-Around
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1. Don't use a specific interface in the dns_group
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2.Use Static IP address for monitoring host

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTM-11082
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM 9.6 MR2 (9.602)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        GUI live log limitation in regards of NAT rules

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The UI shows an "alert" in the live log for NAT rules when the NAT rule is above 1000.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The code that writes the packetfilter log assumes that NAT rule IDs are in between 62000 and 63000 (within 1000 range). By default they start with 62001 and keep incrementing. If the code sees a rule with an ID above 63000 it labels it with "IPTables" and the word "alert".
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        But the system works as expected, NAT rules work fine and all the logs are properly logged.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-11117
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.6 MR3 (9.603)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • NoRelease
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        OSPF continuously restarts when IPv6 enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        OSPF restarted continuously when the IPv6 is enabled .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        *Root Cause Analysis
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        *This issue is caused in the following conditions:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        OSPF interface has an IPv6 address
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Remote Access VPN by SSL is enabled and
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Settings/Virtual IP Pool/Pool network has only IPv4 address
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Note: There is no IPv6 address for this "Pool network"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        IPv6 enable
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        User login to UTM using SSL-VPN
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        After user login using SSL-VPN, the mdw will write an IPv6 address from the Pool network which does not have a IPv6 network. Hence the IPv6 address is
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        empty which is written into the ospf6d.conf. This empty address causes ospf daemon keeping to start over

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Workaround :

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Add an IPv6 range to the Pool network in the Remote Access/SSL/Virtual IP Pool

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-5348
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.35 MR2 (9.353)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          WAN interface stops forwarding traffic on VM appliance

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Engineering does not recommend customers to use the e1000 driver, which has not been maintained for a number of years. In general, our recommendation is for customers the use the VMX driver instead.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          If customers have to use the e1000 driver, they should make sure it's updated to the latest version.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-10685
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.5 MR8 (9.510)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.6 GA (9.600)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Up2Date
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Available pattern updates appear to not be updating

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If UTM is only using some of the features then the lastest availible pattern version and the actual pattern version might differ. This can happen when the newer pattern is including changes for an unused feature.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Also this might happen when the pattern check frequency was changed down from the default 15 minutes.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            To change the frequency of the pattern checks navigate to
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Management > Up2Date > Configuration > Pattern Download/installation Interval: Manual
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Current pattern version: 156727
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Latest available pattern version: 157024

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • If you switch back to an auto check interval - it will show as:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Your patterns are up to date.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • It is expected that pattern versions will not match up as it is dependant on what features are used (ie IPS u2d or app control etc.)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This is by design and cannot be changed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-10647
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.4 MR6 (9.409)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SG550/650 refresh, SG750: 4x10G module port numbering reversed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SG 550 / 650 have the port numbers reversed when using the 4x10G module - compared to what is printed on the module. There is no issue with other modules.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-10320
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.5 MR7 (9.509)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • AWS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Time is appearing wrong in UTM hosted

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Time is appearing wrong in logs. Issue is observed when admin changes the timezone on UTM Web GUI.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                This issue is caused by each running process is spawned off with the current TimeZone (TZ) and this TZ is used for setting the time in the log message. Changing the TZ on UTM Web GUI does not force this TZ change in all current processes in the system. Hence all the logging from current running system will have old time.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Reboot the system

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-10586
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.5 MR8 (9.510)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Kernel
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Webadmin access through IPsec Tunnel with NAT does not work

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  It is not possible to use NAT on top of SSL on top of IPsec tunnel on the same UTM.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e.g. connect to an UTM Webadmin through IPsec Tunnel with NAT in place
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Please use the described workaround.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Configure an additional address to access Webadmin

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Add this IP address to the IPsec Tunnel

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Configure Firewall Rule

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTM-10544
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM 9.5 MR7 (9.509)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • AWS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    AWS UTM experiencing connectivity issues after restoring a backup from a different AWS instance type

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    When restoring a backup from a UTM in AWS utilizing one instance type (e.g c3.large) to another AWS UTM utilizing a different instance type (e.g c4.large) the resultant UTM may be inaccessible or have limited network connectivity.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1) Ensure that the new UTM instance has at least two NICs added.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2) Rename the first interface to something else instead of "Internal", there is no need to configure the second interface.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3) Restore the backup.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    4) A reboot may also be required

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTM-10387
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Basesystem
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Support USB modems Verizon USB 760 Verizon Pantech Verizon Mifi7730L

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Are the following modems supported:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Verizon USB 760

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Verizon Pantech

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Verizon Mifi7730L

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-10386
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.5 MR8 (9.510)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Access & Identity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          STAS on UTM questions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Common questions regarding STAS on Sophos UTM 9.510

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1. Does the UTM make queries to STAS when it see traffic that is not authenticated?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          UTM does not make queries for unauthenticated traffic, this is only available in SFOS

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2. With logoff detection disabled will STAS record the log off events from the Windows event logs and update the UTM?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          STAS only handles the login events from the Windows event system and updates the UTM, logoff detection is the only way users are removed from the liveuser list

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          3. How do users get removed from the collector database in stas?

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Users can only be removed by manually deleting them, logoff detection, or login event for the same IP arrives will replace the old IP.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-10488
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Access & Identity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Key Reuse Vulnerability - not affected

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Sophos UTM is not affected by IPSec IKE Key Reuse vulnerability

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-10487
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.5 MR8 (9.510)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SFP Modules in 10 Gbit SFP+ Flexiport

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                With 10 Gbit SFP+ Flexiport Modules only the 2x10 Port module  supports 1 Gbit SFP Modules

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-10292
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.5 MR7 (9.509)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Connection issues caused by ARP flux

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ARP flux is sometimes an issue when there is a bridge interface in UTM.  ARP flux can be identified when followings are present:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Solution to this is to change the default arp_filter from 0 to 1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Following is the work around procedure to address the ARP flux issue when bridges are involved

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Notes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  i) This procedure must be applied to all nodes which are affected by this ARP flux issues, i.e. all nodes in HA pair/cluster
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ii) Adding this setting to the file /etc/sysctl.conf will make it permanent, i.e. it will remain across reboot and update
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  iii) Step 2 will perform the setting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  iv) Step 3 checks to make sure the setting is correct

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-12003
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 9.193 (beta92_rc1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • VPN - SSL
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Pinging the SSL client gateway IP address from the server side fails.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    In a SSL site-to-site setup ping packets from the server site to the remote network gateway address don't work. If you try the same thing from the client side, everything works without any problem.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Ping will work if you use the command with source ip address: ping -I "source ip address" "destination ip address"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTM-10007
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Random slow down of the SG430/SG450 with busy disk and less disk I/O

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        a small percentage of SG and XG 430/450 Rev.1 appliances not being accessible  anymore except via serial. This is caused by a SSD software/firmware issue. The serial console output shows the errors:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Reboot and Select proper Boot device

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Insert Boot Media in selected Boot device and press a key

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • I/O error on SDA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SQUASHFS error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This issue is based on problems with the Solid State Disk (SSD) firmware. 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If you have an SG or XG 430/450 Rev.1 that is experiencing issues like those shown above, please contact Sophos Support for further instructions. If possible go ahead and make a backup with one of the KBA's mentioned below:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-4903
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.315
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Route sometimes missing after UTM migration within a XEN server pool

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          In rare cases some static routes don't get set after a UTM gets migrated from one XEN host to an other.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          To restore the routes you need to disable and re-enable the link used by the route or the missing route itself.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-5138
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.4 MR3 (9.405)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Authentication exceptions don't work when matching by category

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Web Protection exceptions that skip Authentication do not work correctly if they match by category. If matching by URL they work as expected.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The system first checks for exceptions based on source and destination IP, and then if applicable, it authenticates the request. Only authenticated requests will be checked for tags or for categories.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Create Authentication exceptions that match by URL, domain, source or destination instead of by category.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-5593
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.4 MR4 (9.407)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Policy tester shows incorrect result in special case

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The Web Protection policy tester displays an incorrect result in the following case:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The policy tester will show the URL is allowed, but if a client actually tries to browse directly to it, they will be blocked.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The client is blocked because when browsing to that URL, the browser first tries to open up a SSL CONNECT tunnel to www.youtube.com, which is blocked. The client doesn't actually get the chance to request the actual URL. This occurs regardless of whether Decrypt & Scan is enabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-5829
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.4 MR4 (9.407)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Access & Identity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Use of strict policy in combination with respond only mode

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                When a connection attempt comes in pluto tries to find a connection for it with the information that is available at the time. Usually that is the remote gateway's IP address. In the respond only case (and also for remote access) that IP address is not configured, so there's little chance that pluto picks the right connection to start with. It is only the correct connection if it is the first one that matches in the linked list of connections. The order of the list changes as pluto moves entries that are used to the front, so lookups are faster for active connections. So, there's no way to guarantee one particular connection is preferred over another one.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Pluto picks a "random" connection and proceeds the negotiation. If it picks one with a strict policy and the remote peer is not matching that policy, then the connection is declined because of strict. Later in the negotiation, when the certificates and thus the identity of the remote peer is known, pluto would switch to the correct connection. But the strict policy prevents that, stopping the negotiation before the identity is revealed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-6919
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.4 MR6 (9.409)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Web Proxy signs certificate with search domain appended to subject if server not found

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If a Search domain is configured (Web Protection > Filtering Options > Misc > Search domain) and an end-user attempts to browse to a non-existent domain over HTTPS (e.g. https://this-does-not-exist.com), the following will happen:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • The Web Proxy sends DNS lookup for original domain (this-does-not-exist.com).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • The DNS server replies with NXDOMAIN (non-existent domain).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • The Web Proxy appends the configured search domain to original domain, and sends DNS lookup for new domain (e.g. this-does-not-exist.com.foo.bar).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • The DNS server again replies with NXDOMAIN.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • The Web Proxy will generate a certificate (signed by the proxy CA) for the new (non-existent) domain (this-does-not-exist.com.foo.bar) and attempt return a block page over HTTPS with the newly-generated certificate.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This will result in a browser warning, since the browser was trying to access this-does-not-exist.com and the certificate created for this-does-not-exist.com.foo.bar.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If the same search domain is already provided to clients (via DHCP), it's usually not necessary to configure it on the Web Proxy.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If this is the case, you can remove the search domain from Web Protection > Filtering Options > Misc > Search Domain.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTM-7669
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM 9.312
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Unable to connect SSH for 8 minutes after changing IP address on SSB5 v9.312

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    After changing IP addresss it takes a few mins until the system is accessible through SSH. This is because IPS needs to reload and blocks access to the system while its reloading. This only happens on low-end appliances.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    There are 3 different methods for reloading IPS, which can be changed through condfd key, ips -> reload_method. It accepts the following three values: 'reload','restart','takeover'
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Default value is 'reload' or 'takeover' which both are memory intensive.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    On systems with low memory this could be changed to 'restart' for faster turnoever. the downside of using this method is that there is a short window where the daemon is not running on the system.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The trade off is faster access time, versus a short windows where IPS doesn't run on the system.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTM-7782
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM 9.4 MR8 (9.411)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      UTM gets unresponsive while pattern updates were running

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The UTM automatically downloads and applies pattern updates to ensure protection at all times. After downloading the updates, the scan engine is reinitialized with new detection data. Sometimes the engine component itself is updated with a new version. While the update is happening, downloaded content or other requests that requires scanning can be delayed while the reload completes.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTM-8837
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM 9.5 MR1 (9.501)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Changes in static route configuration or the enabling/disabling the interfaces will cause all routes to be configured again.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        As per UTM design, changes in static route configuration or the enabling/disabling the interfaces will cause all routes to be deleted, in the backend, and then add back all the routes again that are not disabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This issue can be verify through the confd, confd-debug, mdw-debug logs.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        In such cases,if OSPF is enabled and the static routes are redistributed, there could be fluctuation in the route topologies. LSA updates(specifically LSA type 5)will cause the neighbour to log the topology related changes.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        For the other dynamic routing protocol, we may see similar behaviour as well but it depends on how other dynamic routing protocol advertises the routes to the neighbours.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        No Workaround

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-9352
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            UTM reboots when polycom video conference is in use

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Using the application Polycom RealPresence Desktop 3.4.0.54718 for the Video Conferencing over UTM could result in spontaneous reboot of the UTM.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The reboot occurs when you triy to perform video with a remote Site.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Please use Polycom RealPresence Desktop 3.7 or higher.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-4452
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.35 SR3 (9.355)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Clinet machines not able to update the SOPHOS CLOUD ANTI VIRUS while using Https scanning .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Endpoints cannot connect to the MCS server if https scanning is enabled for the decrypt and scan .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The http log would give an error like this one

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2016:05:18-10:52:11 utm httpproxy[5630]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.241" dstip="54.148.0.26" user="admin" ad_domain="" statuscode="502" cached="0" profile="REF_vTSCHPtQsV (LAN)" filteraction="REF_qVYuykYAYD (administrator filter)" size="3742" request="0x18426800" url="https://54.148.0.26/" referer="" error="Failed to verify server certificate" authtime="6" dnstime="1" cattime="0" avscantime="0" fullreqtime="860528" device="0" auth="4" ua="" exceptions=""

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              For this cases the "Sophos LiveConnect" DNS Group should be used in the transparent skip list by source address. If this doesn't exist, create it using the DNS hostname "all.broker.sophos.com".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-4461
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.35 MR2 (9.353)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                afcd[xxxxx]: _afc_conn_get_age(): The timestamp of connection 0x019AE6CF is in the future; correcting ...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                UTM is logging all the day (about 15-20 a day, everyday) the below messages:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-00:09:30 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x0196662A is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-00:09:30 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x0196662C is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-00:09:30 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x01966629 is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-00:14:50 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x0196725E is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-00:17:30 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x01967872 is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-00:22:50 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x0196841A is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-00:32:10 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x01969802 is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-07:50:51 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x019A6FA7 is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-07:56:11 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x019A7EF7 is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-08:33:31 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x019AE6CA is in the future; correcting ...
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2016:06:07-08:33:31 firewall-1 afcd[5586]: _afc_conn_get_age(): The timestamp of connection 0x019AE6CF is in the future; correcting ...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                There is no workaround. This error message is merely warning and does not have any impact on the system. It is safe to ignore this.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-8004
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.4 SR2 (9.406)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Incorrect IPtables rules if working with object groups and interfaces

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  IPtables rules are not created correctly if host objects are bound to interface groups. Depending on which of the interfaces is on top of the interface group the IPtables rules will be written. Everytime you change the order, the rules will change.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  utm:/root # iptables-save | grep 9100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  -A USR_FORWARD -i eth0 -p tcp -m policy --dir in --pol none -m set --match-set k5VA9LzHISEdJUBR6rRRpw src -m tcp --sport 1:65535 --dport 9100 -j DROP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  -A USR_FORWARD -i eth1 -p tcp -m policy --dir in --pol none -m set --match-set k5VA9LzHISEdJUBR6rRRpw src -m tcp --sport 1:65535 --dport 9100 -j DROP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  utm:/root # iptables-save | grep 9100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  -A USR_FORWARD -s 8.8.8.8/32 -i eth1 -p tcp -m policy --dir in --pol none -m tcp --sport 1:65535 --dport 9100 -j DROP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  -A USR_FORWARD -s 8.8.8.8/32 -i eth0 -p tcp -m policy --dir in --pol none -m tcp --sport 1:65535 --dport 9100 -j DROP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  -A USR_FORWARD -s 192.168.1.1/32 -i eth0 -p tcp -m policy --dir in --pol none -m tcp --sport 1:65535 --dport 9100 -j DROP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTM-9418
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM 9.5 SR2 (9.505)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Website "simulatore.publiservizi.net" cannot be opened properly with web proxy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Issue : Website simulatore.publiservizi.net is rendered incorrectly if HTTP Proxy is in use.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The issue seems to caused due to the web server returns Pragma header with a 0D0D0A which the UTM parser takes it as end of Headers and treats rest as body.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The workaround will be adding the site to Transparent Mode Skiplist so that the site will be by passed from proxy.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1. Create the exceptions list for URL simulatore.publiservizi.net in web protection -> filtering options -> Exceptions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTM-9452
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM 9.4 MR6 (9.409)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      ERROR: netlink response for Increase seq numbers HA SYSTEM included errno 3: No such process

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Problem: This issue can happen when PMTU discovery does not work as expected on HA link. There is no side effect other than the occasional error message from Pluto.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Solution: Ensure there is no PMTU black hole in HA link path.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTM-9755
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Access & Identity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          HTML5 VPN Portal Connections do not support additional or non-standard ports

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          HTML5 VPN Portal Connections do not support accessing additional resources on additional or non-standard ports

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-7667
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.4 MR8 (9.411)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Basesystem
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            UTM reports target host's IP as its own hop address during traceroute

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Running traceroute to a host behind an ipsec tunnel, the remote UTM reports the target IP address as hop. This is instead of its own address. As result of this the target address is shown twice in traceroute. There is no impact on this.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            No Workaround

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-8805
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.35 SR4 (9.356)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.4 MR6 (9.409)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.4 MR11 (9.414)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.5 MR2 (9.502)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Static Routes for same destination network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              It is not possible to add two or more static routes for the same destination network (even with different metric and gateways).
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Error Message: The network 'xxx.xxx.xxx.xxx' is already in use by the destination network attribute of the static route object 'xxxxxx'
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              For failover purpose please follow the KBA.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              https://community.sophos.com/kb/en-us/120239

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-10132
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.5 MR7 (9.509)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Access & Identity
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Access to other Webadmin through HTML5VPN not possible

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                It is not possible to connect to another UTM Webadmin within the Network through HTML5VPN Portal.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                This doesn't work because Firefox is very old and only supports TLS v1. WebAdmin requires at least TLS v1.1 by default.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Use the WAF to access WebAdmin

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-8198
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.5 GA (9.500)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Configuration Management
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Certificate expiry notification received for unlicensed feature

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Customer receiving certificate expiry notification for the Web Proxy CA. However as they aren't licensed for web filtering they are unable to regenerate this.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  I dont think we should be sending notifications for certificate used in features that are unlicensed? Or at least have a way of regenerating these from the GUI without the license.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Fallback log showing the relevant cert object:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2017:05:10-09:17:01 SOPHOS_UTM [daemon:info] notify_expiring_certs.pl: INFO - certificate REF_CaMetCukLswinOvygo2 will expire
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2017:05:10-09:17:01 SOPHOS_UTM [daemon:info] notify_expiring_certs.pl: INFO - notified about 1 certificates, which will expire

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Object in cc:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  127.0.0.1 OBJS > REF_CaMetCukLswinOvygo2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Logged into object 'REF_CaMetCukLswinOvygo2'. Use 'w' to write eventual changes.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'comment' => '',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'enddate' => 'May 16 00:00:00 2017 GMT',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'fingerprint' => '8A:C2:68:3C:F0:E8:88:68:DB:6E:7C:DA:A0:75:39:44:12:51:11:31',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'issuer' => 'C=uk, L=Abingdon, O=Sophos, CN=Sophos Proxy CA, emailAddress=sophos@sophos.co.uk',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'issuer_hash' => '255c8b73',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'name' => 'C=uk, L=Abingdon, O=Sophos, CN=Sophos Proxy CA, emailAddress=sophos@sophos.co.uk',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'public_key_algorithm' => 'rsaEncryption',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'serial' => '91B2C5B6F9E8C4EB',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'startdate' => 'Mar 3 17:38:24 2014 GMT',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'subject' => 'C=uk, L=Abingdon, O=Sophos, CN=Sophos Proxy CA, emailAddress=david.bullimore@vygon.co.uk',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'subject_alt_names' => [
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'IP Address:127.0.0.1'
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   ],
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'subject_hash' => '255c8b73',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'vpn_id' => '127.0.0.1',
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   'vpn_id_type' => 'ipv4_address'
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Support cases raised relating to the Cert Expiry notifications are falling into the following categories:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1)Certificate notifications being received for certificates that are not in use (e.g CAs that have been replaced, or are disabled)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2)Certificate notifications being received for certificates that are only used in unlicensed features
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3)Customer being unable to identify which certificate the notification relates to. (e,g the certificate name in the notification is 'pZPCUwGWou')
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4)Customer not being given any indication as to how to resolve the issue

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTM-4310
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM 9.35 SR3 (9.355)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Wrong count of ssh logins in summary in executive reports

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    At some point an Accu file could get broken and all reporting data of the last 30 days gets lost. Every 5 minutes the Reporter is updating the Accu file. If the file is not readable (because of being missing or corrupt) a new one is created and reporting starts from beginning.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTM-4971
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM 9.4 MR1 (9.402)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      High amount of country blocking changes are not available in the last webadmin changes view

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      In case you change 30 or more country's in the country blocking configuration it could be that you will not see the changes in the "Last Webadmin Changes" Tab.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The log line from the confd-client includes the complete array before and after the node change. Depending on how many members are in these arrays the logline buffer can be exceeded.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The maximum length of a logline are 1024 bytes minus 100 bytes for additional information. So there are 924 bytes left for the message.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      In case you have to change a huge amount of country's in the country blocking configuration, please do it in more then one step. Change some settings and apply the changes before you repeat the steps above to change the remaining country's.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTM-10002
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM 9.5 MR7 (9.509)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SG/XG devices may become inaccessible due to SSD firmware

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Problem
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Certain Sophos SG/XG appliances may become inaccessible except via serial console. In some cases a decrease in performance could be experienced (high disk usage/high load).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Symptom
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The serial console output shows the errors:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Reboot and Select proper Boot device

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Insert Boot Media in selected Boot device and press a key

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • I/O error on SDA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • SQUASHFS error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The following appliances are affected by this issue. The issue is SSD firmware related so the UTM software does not change the issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sophos XG Firewall, UTM, AP, RED: How to find the revision number

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Resolution
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If you have an SG or XG appliance that is experiencing issues like those shown above, please contact Sophos Support for further instructions.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If possible go ahead and make a backup with one of the below KBA's:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-9807
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.5 MR4 (9.506)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Virtualization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Interface order may change after reboot for virtual UTMs on Hyper-V

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Following a reboot, the order of the interfaces on a virtual UTM on Hyper-V may change, breaking High Availability. This is a known issue due to the manner in which Microsoft manages interface naming in Hyper-V and UTM default behavior.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The solution for this issue is to export the Hyper-V assigned interface addressing to the internal UTM rules file. This sets the interface order as static on the UTM side to stay consistent with the Hyper-V side interface config.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Follow steps to resolve in KB132109: https://community.sophos.com/kb/en-us/132109

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-7783
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.4 MR8 (9.411)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            httpproxy does not support non-HTTP traffic on port 80

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            UTM httpproxy will not handle non-HTTP traffic on port 80. Bypassing the IP address(s) by entering into the appropriate skip list is the recommended solution.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Adding the source IP of the host into the transparent skip list allows video streaming to work.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTML-11942
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM-V9 9.004 (pileus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus Engines
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Playing mp4 files on Safari browser is not possible while using AV scan

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Playing mp4 files on Safari browser is not possible while using AV scan.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Add an exception for sites / URLs which serve streaming media

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTML-11953
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM-V9 9.005 (radiatus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • VPN - IPsec
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                IP displayed instead of username when using NCP client with more than one remote networks

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                In case you configure a remote access IPsec connection with more than one local networks, you will find in the ipsec.log file that "username" is filled with the IP address instead of the real name of the user. This will also cause, that the IP of the User Network Object will not be set.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-11955
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.005 (radiatus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Reports exported to CSV files are incorrect with german localization

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If you open reports exported to CSV files with Microsoft Excel (German localization) some percentages are displayed as dates. The problem here is that German Excel prefers to interpret 2.6 as 2nd of July since in Germany that number would have been written 2,6.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Import the file via the "Daten" menue and manually switch the type of those columns to "Text" instead of "Standard".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-11966
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 9.101 (floccus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Base System
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Huawei E392 LTE Stick not working properly
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-11975
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.104 (fractus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Network - Interfaces
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      VDSL reconnect results in RED 50 looping reconnects with Zyxel VMG1312-B30A Modem

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      After a VDSL reconnect the Zyxel Modem doesn't forward the UDP packets on port 3410 to the RED.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      This will result in a RED 50 reconnect loop.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      It could be that a new modem firmware solves the problem.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      http://hilfe.telekom.de/hsp/cms/content/HSP/de/3388/FAQ/theme-71990825/Geraete-und-Zubehoer/theme-2000178/DSL-Geraete/theme-535504220/Zyxel/theme-535505129/Zyxel-VMG-1312-B30A;jsessionid=FC2E4ACCF7242DAE3B72276DD4F2D0C2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Unfortunately we don't have feedback yet if this firmware solves the problem or not.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Another workaround is to disable and enable the PPPoE interface in the webadmin

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTML-11988
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM-V9 9.185 (partner_beta92_1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Authentication fails with users in AD Nested Groups
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • The authentication services that support backend membership for groups, do not support nested groups

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • For Active Directory, LDAP and eDirectory the groups that are set in "Limit to backend group(s) membership" or have to contain the users directly

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • The UTM checks group membership directly by retrieving values of group membership attributes of a user object from the backend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTML-12033
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM-V9 9.205 (of_mice_and_men_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Appliance Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Power on issues on SG310 appliance

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          We are using ATX Power Supplies in our appliances, which have a power switch to turn it on or off.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          In case you do a shut-down using the LCD-Panel, WebAdmin or on the console, the system goes down and halts.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The Power Supply Unit still gets power, and provides low power to different components on the main board. This means that the system doesn�t completely power off.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          On a standard desktop computer for example, this is used to turn it on using the push button from the front panel.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          To turn the appliance on again, you have to switch off the power supply unit and wait roughly 10 seconds before you can power it on again.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          This is to protect components like capacitors or inductors, which have to discharge from delivering low voltage to the Motherboard.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTML-12034
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM-V9 9.206 (arcus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • WebSecurity - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Broken quarantine report in OWA 2010 non light version

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If OWA is used for reading the quarantine report the email's in the preview window is broken because of the OWA's unique way of overriding CSS attributes. Workaround is to open the message (by double clicking).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            http://community.office365.com/en-us/f/158/t/74246.aspx

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTML-12039
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM-V9 9.208 (american_gods_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Transparent AD SSO user profile still matches if user is switched on workstation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              In transparent mode, when a new user logs in immediately after another user has logged out, authentication caching may cause the UTM to recognize the new user as the previous user. The new user may be granted the same browsing policy, and may be logged as if they are the previous user. This can occur for up to five minutes, until the UTM refreshes its cache.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              If this delay in authentication is unacceptable in your environment, use standard mode rather than transparent mode.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-5754
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.4 MR3 (9.405)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                OSPF 'Announce default route' doesn't work with IPv6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                OSPF Default Route Redistribution ('Announce default route') is not supported with IPv6 in the Sophos UTM. Only IPv4 is supported.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Utilize a 3rd party network device to announce IPv6 default routes.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-11998
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.192 (partner_beta92_4)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus Engines
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  AV scanning and ActiveSync

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Antivirus scanning does not work on Microsoft ActiveSync. The scanning fails because ActiveSync encodes the transferred data in formats which the Anti-virus engine does not understand.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-12100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 9.351 (quaternary_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Web Protection - HTTP/S Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    removing cache, too many local copies

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    After an update the web proxy stops working. The proxy log '/var/log/http.log' shows the message "removing cache, too many local copies" and '/var/storage/cores' potentially contains one or more core dumps per minute.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    This points to a problem with the proxy startup and needs manual intervention.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Please contact support.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-12097
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.314 (thrud_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Transparent AD SSO - b_auth_failed_but_accepted_as_user_any

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP-Proxy only sends a 407 (authentication request) for requests which could be authenticated. This means, if the request matches any of the following criterias it will not be authenticated:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • HTTPS

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Non-browser Request

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Request that contains a query.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      In these cases the proxy looks up in its cache for last authenticated user from that IP address. If no cache record found it uses the "default" profile.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Send a simple HTTP request through browser to authenticate user. Any subsequent request from that IP address will use the authenticated user.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTML-12095
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM-V9 9.315 (hermod_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • High Availability - Cluster
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • High Availability - HA
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Network - Interfaces
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        It is not possible to deactivate HA Link Monitoring for LAG Interface

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        It is not possible to deactivate HA Link Monitoring for LAG Interface in WebAdmin.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Please contact support. It is possible to deactivate via the console.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTML-12094
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM-V9 9.315 (hermod_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Application Control
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Application control block for "Teamviewer" didn't work anymore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Application control block for "Teamviewer" doesn't work when HTTP Proxy is enabled but Full SSL scanning is not enabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Enable Full SSL Scanning in the HTTP Proxy settings

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTML-12093
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM-V9 9.314 (thrud_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Endpoint Protection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Web Protection - HTTP/S Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Endpoint client matches wrong HTTP proxy filter action

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            In transparent mode, the UTM web proxy cannot challenge HTTPS requests for authentication. As endpoint web control filters HTTP requests, it is possible that a user will not be in the authentication cache and policy will fall back to policy based on the IP address. This can, for instance, block a site that the user is approved to visit.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            To work around this issue, use agent or browser authentication or bypass the specific HTTPS site on the UTM.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTML-12092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM-V9 9.313 (nanna_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Email Protection - Encryption
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Attachments in SPX mails results in a winmail.dat file

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              After SPX encrypting messages coming from an MS Exchange server original mail attachments are packed into a winmail.dat file which then appears as an attachment of the encrypted PDF.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              This is a known issue with MS Exchange and their MS Rich-Text-Format depending on configuration.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              As a workaround the Exchange admin needs to disable RTF as follows:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1) Login in to the exchange server
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2) Open Exchange Management Console
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3) Go to Orginization Configuration -> Hub Transport
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4) Select "Remote Domain" tab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              5) Go to the properties of the Default Domain
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6) Select "Message Format" tab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              7) Now you can see the problem is "Determine by individual user setting"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              8) Change "Exchange rich-text-format to "Never use"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              9) Click Apply then OK
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10) Restart Microsoft Exchange Transport Server on every Hub transport server

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTML-12091
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM-V9 9.313 (nanna_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • WebSecurity - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Problems with opening word documents from sharepoint via WAF in different browsers

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                If SharePoint is published through WAF with form-based reverse authentication enabled, opening Office documents doesn't work. Instead of the Office document the reverse authentication form template is shown.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Either disable SharePoint integration in the browser (then download the Office document, edit and re-upload it) or disable reverse authentication.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-12089
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.310 (fulla_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Email Protection - Encryption
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SPX reply portal removes original filename from attachments

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SPX: Uploading files to SPX reply portal while using IE10 or higher can cause that the filenames are overwritten by the complete local path.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Example: CUsersUsernameDesktopFilname.docx

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  You can disable this behavior in IE:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  IE -> Internet Options -> Security -> Internet -> Custom level
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Disable: "Include local directory path when uploading files to a server"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-12088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 9.310 (fulla_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aua fails to handle passwords with umlaut for http proxy authentication

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Passwords containing non-ascii characters do not work in IE and FireFox when authenticating through the http proxy. Chrome works properly.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-12086
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.308 (gefjon_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Application Control
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Ultrasurf not being blocked by Application Control

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Application control block for "Ultrasurf" doesn't work when HTTP Proxy is enabled but Full SSL scanning is not enabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Enable Full SSL Scanning in the HTTP Proxy settings.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTML-12085
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM-V9 9.113 (spissatus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Email Protection - SMTP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        False error handling in smtp proxy while using callout recipient verification

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If a recipient validation callout fails (eg. resulting in error: "552 Requested mail action aborted: exceeded storage allocation") Exim only reports back "550 address unknown".
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This is a design limitation of Exim.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTML-12081
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM-V9 9.308 (gefjon_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Web Protection - FTP Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Upload through ftp proxy don't work directly if the file is bigger then 150 MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When using FTP to upload large files through the proxy, the client may not receive a 226 response code before it times out.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          If this occurs, it can be prevented by increasing the setting to a large timeout value for your FTP client.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTML-12079
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM-V9 9.308 (gefjon_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • [Backend/Devel] Basesystem
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Cannot query NTP peers from remote host

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Query UTM ntp service for peer info from remote host fails after update to 9.308.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NTP vulnerabilities, CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 introduced a configuration change in ntp.conf which prevents external peer lookup.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTML-12078
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM-V9 9.309 (gunnlod_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Webserver Protection - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Official Microsoft Android RDP application didn't work with WAF

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The official Microsoft Android and iOS remote desktop (RDP) apps don't work with WAF. The apps fail with the following error message when trying to connect to a remote computer through WAF:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Error code: 0x3000008

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              No workaround possible other than configuring a DNAT rule to skip WAF completely.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTML-12077
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM-V9 9.305 (eir_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • WebSecurity - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Upload of Eicar virus is possible with OWA Full when Silverlight is enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Upload of Eicar virus is possible with OWA Full when Silverlight is enabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                OWA light + enabled silverlight -> it's not possible to upload a virus like eicar

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                OWA light + disabled silverlight -> it's not possible to upload a virus like eicar

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                OWA Full + disabled silverlight -> it's not possible to upload a virus like eicar

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                OWA Full + enabled silverlight -> it IS possible to upload a virus like eicar

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Don't use the combination of OWA Full + enabled silverlight on clients which have OWA access. In this combination it is not possible to scan for viruses because we can't scan for viruses in SOAP requests.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-12074
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.306 (freyr_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Web Protection - HTTP/S Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  https enduser message not shown in AD SSO mode

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Periodically an Internet Explorer user may not see an UTM generated block page when getting blocked from accessing https site. The user instead would see a generic IE error page. This is due to an issue within IE.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Hit Refresh in the browser to see the proper UTM block page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-12070
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 9.208 (american_gods_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • WebAdmin
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Script error issue with large Network Group objects

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    It is not possible to use large network group objects with over 200 items. Everything which exceeds 200 items in a group might be subject to script timeouts.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-12067
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.209 (virga_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Webserver Protection - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Complete download from a webserver behind the WAF is not possible

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      It is not possible to download big files through the WAF. Neither mod_proxy nor the UTM-WAF modules were designed to handle a high amount of parallel large file uploads or downloads.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Please contact support.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTML-12066
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM-V9 9.210 (capillatus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • High Availability - Cluster
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • High Availability - HA
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Slave node in RESERVED mode with 9.304, although this mode never activated

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sometimes during the upgrade from 9.2x to 9.3 it can happen on HA/cluster system that the slave node is going in RESERVED mode (although this feature isn't enabled in webadmin).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Output from "hs" on command line looks like this:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Current mode: HA MASTER with id 1 in state ACTIVE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        – Nodes ----------------------------------------------------------------------- MASTER: 1 Node1 198.19.250.1 9.210020 ACTIVE since Mon Dec 15 12:16:22 2014
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SLAVE: 2 Node2 198.19.250.2 9.304009 RESERVED since Mon Dec 15 13:36:03 2014
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        – Load -----------------------------------------------------------------------

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        To fix that issue, please reboot the master node. If that will not solve the problem, contact the support.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTML-12060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM-V9 9.209 (virga_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • [Backend/Devel] WebAdmin
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • VPN - L2TP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Problem with display of "connected clients" in webadmin when using L2TP with Radius auth

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Connected L2TP VPN clients are not counted as 'connected clients' in the dashboard when using RADIUS/DHCP.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          But they are listed in the Remote Access reporting.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTML-12058
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SSO login on UTM devices not working if useraccount contains a '@'

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              In case the user name to login to the gatway manager contains a '@' sign (e.g. admin@sophos) the SSO login from the gateway manager to the UTMs will not work.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Don't use account containing a '@' sign in the username.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTML-12056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM-V9 9.209 (virga_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • [Frontend/GUI] User Portal
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Userportal - adding multiple addresses to whitelist/blacklist does not work

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                It is not possible to add multiple entries to the sender whitelist/blacklist in User Portal (SMTP) in one step.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                When a user accesses the User Portal, adds multiple entries to the sender whitelist/blacklist,
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                then leaves this page, only the first entered entry is saved. Others entered during the same
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                session are not saved and have to be re-entered.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Workaround:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Add one entry per session, browse to another tab, then come back to the whitelis/blackist tab,
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                enter another address and safe it again. Repeat this steps if needed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Steps to reproduce:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1. Login to User Portal
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2. Select Whitelist or Blacklist
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3. Add multiple entries and click green check box to save each entry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4. Change to a different tab (doesn't matter which)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5. Browse back to whitelist/blacklist tab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6. Issue occurs (only the first entered address appears, the rest are lost)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-12049
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.208 (american_gods_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Antivirus Engines
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Sophos Scanner runs in timeout

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  If scanning a mail takes longer than 2 minutes, cssd will time out and the mail will subsequently be quarantined with reason="unscannable" extra="AV Scanner unreachable".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-12043
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 9.209 (virga_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Webserver Protection - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    RDWeb via WAF is not possible on customers site

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    We don't have protocol support for Microsoft's RDG-RPC protocol suite which they added with Windows Server 2012 (we only support the "old" MSRPC suite). Whenever such a RDG (2012) connection fails the log contains line stating
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    method="RDG_IN_DATA"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    or
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    method="RDG_OUT_DATA"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    it's a strong indication the lack of protocol support is causing the connection to fail. Currently, this cannot be mitigated using the WAF.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-12042
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.208 (american_gods_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Reporting: Graphs and values in mail reporting are inconsistent

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The graphs and values in the mail reporting are inconsistent due different time frames. The graphs reach back for 24 hours, whereas the report is generated live of "today".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTML-12041
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM-V9 9.305 (eir_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Appliance Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Network chipset 82574L ( UTM 220 rev 4/5, UTM 320 rev 4/5) :Detected Hardware Unit Hang / Reset adapter unexpectedly

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        For devices with an Intel 82574L network card chipset you might see messages like e1000e 0000:01:00.0 : Detected Hardware Unit Hang: or e1000e 0000:01:00.0 : Reset adapter unexpectedly in the kernel log.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This chipset is also used in UTM 220 rev 4/5, UTM 320 rev 4/5.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Please ensure that PoE is disabled for the port the UTM is connected to.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTML-12038
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM-V9 9.206 (arcus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Failed login reported from wrong IP Address

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Sometimes when the message 'Failed to connect backend' appears
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          the next failed login is being reported as coming from the ip of the last successful login.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTML-12036
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM-V9 9.207 (duplicatus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • EmailSecurity - SMTP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Microsoft Exchange 2013 changed behavior of RCPT verification with callout

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Microsoft changed in the Exchange the behavior for its recipient verification. The Mailserver sends the "550" after "data" instead of after "rcpt to:" This is NOT RFC conform.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Use Recipient verification over Active Directory.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTML-12035
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM-V9 9.209 (virga_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Appliance Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Detected Hardware Unit Hang and Reset adapter unexpectedly still exists (82583V / UTM 120r5)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              If you notice the following log lines in kernel.log for this specific adapter type (82583V) on
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              a UTM120r5, please disabled ASPM in BIOS setup.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2014:09:11-15:09:24 utm kernel: [129844.820420] e1000e 0000:05:00.0 eth0: Detected Hardware Unit Hang:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2014:09:11-15:09:28 utm kernel: [129848.833045] e1000e 0000:05:00.0 eth0: Reset adapter unexpectedly

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Verify the adapter:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              utm:/root # lspci | grep Ethernet
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              02:00.0 Ethernet controller: Intel Corporation 82583V Gigabit Network Connection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              03:00.0 Ethernet controller: Intel Corporation 82583V Gigabit Network Connection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              04:00.0 Ethernet controller: Intel Corporation 82583V Gigabit Network Connection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              05:00.0 Ethernet controller: Intel Corporation 82583V Gigabit Network Connection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Procedure:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Press DEL during UTM reboot - disable ASPM in BIOS at
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Advanced -> PCI Express Configuration -> Active State Power-Management

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Check that it worked:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              lspci -vvv | grep ASPM | grep LnkCtl

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              All entries have to be set to disabled.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              utm:/root # lspci -vvvv | grep LnkCtl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              LnkCtl: ASPM L0s L1 Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              LnkCtl: ASPM L0s L1 Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              LnkCtl: ASPM L0s L1 Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              LnkCtl: ASPM L0s L1 Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- Retrain- CommClk+

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTML-12032
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM-V9 9.250 (alpha93_1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Network - DHCP, DNS & NTP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                DynDNS: IPv6 limitations
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • The only services that support IPv6 are DYN & FreeDNS

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • The only strategy that supports IPv6 is 'interface' because the used web service only returns IPv4 addresses

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Both supported services, DYN & FreeDNS only supply A-records for their servers used in the Update-URLs: members.dyndns.org & freedns.afraid.org. That means customers need an IPv4-uplink for DynDNS, IPv6-only-uplink won't work.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • DYN always also sets the A-record to the public IPv4 of the request sender, even though an IPv6-address was supplied via the 'myip'-parameter in the Update-URL. That means it's not possible to set/update the AAAA-record only, it always also updates the A-record (to a possibly undesired value).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • The FreeDNS API only returns Update-URLs for A-records. That means trying to set an IPv6-address for an A-record converts the record type to AAAA and the A-record is lost. To workaround that, customers now can specify the corresponding FreeDNS Update-URL in the 'hostname' field in WebAdmin. For A & AAAA to work for the same hostname, two FreeDNS services, one A-only and one AAAA-only need to be created using the corresponding Update-URL as hostname.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                There is no workaround for API limitations of DynDNS services

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-12030
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.104 (fractus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Webadmin runs into timeout during lengthy report generation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The WebAdmin runs into a timeout while the query is executed (timeout warnings may be displayed in WebAdmin). This may happen if it takes too long to generate the dashboard data which is derived from the database.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  none

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-12029
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 9.204 (incus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Web Protection - HTTP/S Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    http://www.zermatt.ch/Unterkunftsverzeichnis#/ does not load shelter list when http proxy is in transparent mode

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Sophos UTM does not currently support the Websocket protocol when in transparent mode.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Add an exception for the site at Web Protection > Filtering Options > Misc, under �Skip transparent mode destination hosts/nets�.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-12026
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.203 (velum_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      OTP is not useable when the password has numeric characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The UTM cannot determine if a 6-digit number at the end of the password is a passcode or the end of the password, so it takes it as the passcode.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      As a consequence OTP users cannot not have a password that ends in 6 digits.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Use a password without digits at the end

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTML-12025
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM-V9 9.201 (post92_ga_1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Web Protection - HTTP/S Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Policy tester returns wrong group membership if local security groups are used (groups in groups)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If a user is a member of a local AD group that is sub-group of a global AD group, policy tester results for that user will be inconsistent with the actual behavior of the proxy profile.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        None

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTML-12024
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM-V9 9.203 (velum_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Webserver Protection - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Outlook anywhere behind the WAF didn't work

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          If an Outlook Anywhere is behind the WAF and the test tool from microsoft (https://testconnectivity.microsoft.com/) is used you will get some errors in the output from the test tool.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          But there is no issue when you use the WAF config for the outlook client. Everything works fine and the error from the test tool can be ignored.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Independent from the error in the output of the microsoft test tool you can use the OA config for outlook on the clients.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTML-12014
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM-V9 9.000 (ga_9_000)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Virtualization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NIC ordering on VMWare not stable, might change if interface are added/removed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If adding or removing NICs for VMWare instances, it can happen that the remaining interfaces change their names, so that they are not associated with the correct interface objects anymore.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTML-12007
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM-V9 9.109 (novonucleus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Argos information is not synced to cluster slave - http proxy requests cannot be authorized

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SAA client client information is not synced to slave node in HA/ Cluster setups.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              In HA setups (active/passive) clients using SAA client need to authenticate on master again after e.g. takeover is performed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              On cluster setups (active/active) the usage of SAA client will result in wrong profile matching when HTTP Proxy + SAA auth is in use, because authentication and proxy traffic may be handled on different nodes for the same client request.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NA

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTML-12004
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM-V9 9.194 (beta92_rc2)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • WebSecurity - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Rev. Auth.: form auth fails with some browsers if path contains special characters

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Form based reverse authentication uses session cookies. The matching of cookie to paths in browsers seems to be implemented very inconsistently regarding escaping of special characters. In some cases authentication will fail because the cookie is not sent by the browser. E.g. when using Firefox and paths containing the single quote character '

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                The following special characters seem to be safe to use in URLs in all tested browsers: -._~!$&()+,=:@

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                We recommend limiting site paths using reverse authentication to using those characters (in addition to alpha numeric characters).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-12002
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.107 (pannus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • WebSecurity - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Eicar virus was uploaded althought the WAF said "Access denied with code 400"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Eicar virus was uploaded althought the WAF said "Access denied with code 400"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1) The file to be uploaded is split into several files and those files are uploaded separately. Even if the file as a whole is a detectable virus, the file segments - now each a file by themselves - could be clean in regards to AV scanning. This is a general problem for AV scanning, not specific for the WAF and cannot be solved the WAF either.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2) The file to be uploaded is wrapped in additional data which is used by the web page framework to carry meta data. From a WAF point of view, all of it is payload since every byte - no matter whether actual payload or meta data as seen by the web page framework - could be part of a virus. Hence, the whole stream is passed to AV scanning which then fails to extract the (potential) virus from the stream. Again, this is a general AV scanning problem which cannot be solved by the WAF.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-11979
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 9.105 (lacunosus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Authentication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    AD SSO fails on ReadOnly DC

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    If configured AD SSO against a ReadOnly DC on a UTM, SSO will fail. While the client tries to authenticate with kerberos you will get following errormessages in the http logfile: "gss_accept_sec_context: Decrypt integrity check failed"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Set the AD SSO server to ReadWrite mode or do the SSO against an ReadWrite Server.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-11973
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.103 (nebulosus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Appliance Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Reboot command from LCD panel doesn't work after initial installation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      During the installation of UTM software on Sophos appliances, the LCD is used to show the installation status.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Other functions of the LCD program, don�t work during installation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The used base system / environment for the installer, is different as in normal operation and doesn�t offer all functions.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      When you use the LCD program or WebAdmin to shut down or reboot the appliance during normal operation, the system will do a clean shutdown before it reboots or halt.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The installer will always force the reboot instead.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      To reboot the appliance after installation, use the �Reboot� button on the final screen or press �CTRL + ALT + DEL�.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If you want to power off the appliance at the end of installation, you have to switch it off using the switch of the power supply.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTM-7656
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM 9.4 MR8 (9.411)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ULOGD coredumps in 9.411

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ULOG restarts with Coredumps .
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This has no usual effect on any service or Neither this has any side effect ,as the ulogd recovers .

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The reason for the restarts could be because of the following reasons

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • IPv6 traffic

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Fragmented packets that are invalid and are dropped.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-7784
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.4 MR9 (9.412)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Warn pages with category webmail didn't work as expected

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          This issue affects customer who wants to block/warn access to gmx.de or web.de for example.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When you click proceed from a 'Warn', you are allowed to continue browsing the warned category for 30 minutes as long as:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • You stay on the domain you were 'warned' for - if you go to gmx.de (Web Mail) and then to hotmail.com (also Web Mail) you should see another warning because the two domains are different.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Or you follow a link or access another domain with the same category, in a way that the HTTP request references the original domain in the 'Referer' field. For example, if you go to hotmail.com and that page loads content from mail.live.com, you should not get another warning.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The problem with "webmail" is that they use a number of different domains that are categorized differently, presumably because they're used for different purposes. When you go to gmx.de, it's categorized as 'Web Mail' but redirects you to gmx.net, which is 'Internet Services. Once you have logged in, it then tries to load email content from 3c.gmx.net which is again categorized as 'Web Mail'. For some reason, there is no 'referer' header for, the UTM treat them as a new domain and try to return a warning. But because the request is for a background connection/API lookup and not a web page, the warn page never gets displayed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          In such cases you can work around the problem by re-categorizing 3c.gmx.net as 'Internet Services' locally, or by re-categorizing gmx.net as 'Web Mail' locally.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-7366
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.35 MR1 (9.351)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Installation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Installer doesn't detect newly manufactured SG550/SG650 in 9.3x

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The newly manufactured SG550/650 design was changed. One memory module was moved to the other CPU (slot change). This results in the hardware detection seeing the "new" SG550/650 differently. This was changed in the 9.4 installer, but not in 9.3x.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTML-11877
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM-V9 8.950 (beta90_6)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • VPN - HTML5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              HTML5 VPN Webapps: Popups are disabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              HTML5 VPN Webapps: Popups are disabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              As of now, popups are blocked by the internal Firefox. The user will be informed when blocking has taken place.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTML-11880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM-V9 8.960 (beta90_7)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SAA user names are not displayed for IPS in the reports

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Reverse DNS and user are not displayed for ips in the reports

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                For IPS reverse DNS and Users (SAA) are not displayed by the inline report and in the executive report. Only the ip addresses are displayed.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-12101
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.351 (quaternary_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Daily Executive Report type PDF does not include IPS or ATP section if they are empty

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Daily Executive Report type PDF does not include IPS or ATP section if they are empty.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Use HTML only version.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-12011
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 9.200 (ga_9_200)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Virtualization
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    [Hyper-V] No link status reported with 'tulip' driver (legacy NICs)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Legacy network adapters are not supported in Hyper-V.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    From:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    https://technet.microsoft.com/en-us/library/cc770380.aspx

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    The legacy network adapter requires processing in the management operating system that is not required by the network adapter. We recommend that you use the legacy network adapter only to perform a network-based installation or when the guest operating system does not support the network adapter.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-11948
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.070 (beta91_3)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Network Protection - Loadbalancing & QoS
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Uplink balancing: PING for monitoring via type UDP is always sent over the first active Interface (->all interfaces may go down)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If the monitoring type "UDP" is used for uplink balancing, the uplink may be continuously toggled if the first uplink interface is down.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If possible, try to use monitoring via TCP or PING.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTML-12069
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM-V9 9.303 (saga_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Wireless Protection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Bridge with a Wifi interface and some other Ethernet doesn't work after Update to v9.3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Wifi Traffic is not processed correctly from the separate Zone interface to the LAN in a bridge which is setup between a LAN and a separate Zone interface.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTML-11885
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM-V9 8.970 (beta90_rc1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • AUA
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Backend Membership groups limited to AD Users do not work

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          The backend membership authentication didn't work if limited to Active Directory users, only when limited to Active Directory groups.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          For example Authentication failed for user ads_test3 when using the following LDAP string:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CN=ads_test3,CN=Users,DC=auth2k8r2,DC=qa
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          but it worked when using the following LDAP string:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CN=ads_group1,CN=Users,DC=auth2k8r2,DC=qa

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          (User ads_test3 is a member of the ads_group1)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTML-11984
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM-V9 9.308 (gefjon_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Kernel
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MAC addresses are not rewritten correctly if DNAT is configured on bridge interfaces

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The UTM doesn't send the radius packets to the radius server if the AP and the radius server are in the same network and if there is bridge configured on the UTM including this network.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Put the bridge interface into the promiscuous mode.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Example: ifconfig br0 promisc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Please note: You have the enable the promiscuous mode again after an UTM reboot.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTML-11999
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM-V9 9.193 (beta92_rc1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Webserver Protection - HTTP Reverse Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              wrong HTTP/S redirect using multiple vhosts with wildcard domains and subdomains

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Using HTTP to HTTPS redirection in combination with wilcard domains could lead to using the wrong virtual webserver.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Example:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • virtual webserver A

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • HTTPS, HTTP->HTTPS redirection enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • wildcard certificate

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • domains: *.mydomain, sub.mydomain

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • real webserver: real1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • virtual webserver B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • HTTPS

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • domain: main.mydomain

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • real webserver: real2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The request http://main.mydomain is correctly redirected to https://main.mydomain. Afterwards the request https://main.mydomain is answered by the wrong real webserver, real2 instead of real1.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTML-12045
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM-V9 9.280 (rc93_1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Network - Interfaces
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                UMTS modem: UTM needs reboot to detect device after installation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-11987
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.180 (beta92_4)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Network Protection - IPS and C&C
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ips: the changes of the rule counters in the attack pattern tab are only visible when reloading the tab

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  The rule counters in the IPS Attack Pattern Tab are not updated instantly when changing the rule age.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Reload the Attack Pattern Tab

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-11866
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 8.920 (beta90_3)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Web Protection - HTTP/S Proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    HTML5 VPN: Websocket error when accessing User Portal via HTTPS proxy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    When the HTML5 VPN portal is accessed via a HTTP proxy that intercepts SSL
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    connections, the HTML5 VPN portal doesn't work. The user gets a popup error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    message "Websocket Error".

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    You can only work-around this issue on the HTTP proxy side. If the HTTP proxy
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    is under your control, you need to configure a SSL interception bypass for
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    the address of the HTML5 VPN portal.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-11936
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.003 (opacus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • EmailSecurity - Encryption
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      S/MIME verification doesn't work for users having different certs for verification and encryption

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Incoming mails which have different certificates for signature and mail encryption cannot be verified/decrypted.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Internal Storage can only hold one certificate for a remote user, due to this the verification/decryption fails if different certificates are used.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      -

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTML-12037
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM-V9 9.207 (duplicatus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Wireless Protection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        [NUTM-1141] Change behavior how NAC enforce WiFi connections

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The desired functionality or behaviour can be achieved by setting the mac filter type to "Black list" in SSID configuration. In this case only, the black listed mac group and non-complaint devices are blocked. Other complaint and non-managed devices are able to join the wireless Network.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        However, the default behaviour is set to block everything expect complaint devices, so that more security is achieved.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTML-12001
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM-V9 9.100 (ga_9_100)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • High Availability - Cluster
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          [NUTM-407] Up2Date button can be used before all up2date packages are distributed to all nodes

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Up2Date button can be pressed before all Up2Date packages have been distributed to all nodes.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          If you want to be sure that all packages have been distributed:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Login with ssh and check on all nodes in /var/up2date/sys that the Up2Date package had been distributed. If it is available on all nodes you can press the Up2Date button.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTML-12083
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM-V9 9.309 (gunnlod_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Appliance Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SG210 - FlexiPort NIP-51084 not recognized

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            How to do hardware changes to a cluster:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1) Power down all nodes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2) Do hardware changes (module addition/removal/changes)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3) Power up master
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            4) Power up worker and slav node

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If this is done differently there is high chance that cluster is in inconsistent hardware state. This can result in strange behavior.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTML-11879
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM-V9 8.960 (beta90_7)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • VPN - IPsec
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              User "m�ller" can't log in via Cisco VPN Clien

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Users with non-ASCII characters (for example m�ller) can't login via Cisco VPN. In aua.log, the username is garbled like: m��lle

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2012:05:22-11:05:36 ich10 aua[22278]: id="3005" severity="warn" sys="System" su
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              b="auth" name="Authentication failed" srcip="10.x.x.x" user="m��lle" caller
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              ="REF_IpsRoaForAdminToInter" reason="DENIED"

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTML-11883
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM-V9 8.970 (beta90_rc1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Reporting
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Websecurity reporting does not work for IPv6 address URLs

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Websecurity reporting does not work for IPv6 address URLs

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                If an request contains an IPv6 address in the URL host part, this request does not show up in the websecurity reporting.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTML-11939
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM-V9 9.004 (pileus_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Application Control
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Facebook options like facebook post are not blocked until you select 'Facebook'

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Enabling a sub-category of 'Facebook' without enabling 'Facebook' itself will not work and will allow access to the sub-categories, although these are checked.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Workaround: sub-categories of 'Facebook' can only be blocked when 'Facebook' is enabled itself.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTML-11863
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM-V9 8.920 (beta90_3)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • VPN - HTML5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Username cannot be left blank for SSH connection type

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "Automatic login" for the SSH connection type in the HTML5 VPN Portal is not checked - Username cannot be left blank.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NUTML-11992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • UTM-V9 9.191 (partner_beta92_3.1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • SUM
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Import of a filter action omits entries for blocked / allowed websites
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NUTML-12090
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • UTM-V9 9.310 (fulla_9)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Network - DHCP, DNS & NTP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        webadmin does not check hostname in a host object (network definition)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        From a DNS point of view, the hostnames "hostname" and "hostname." (note the '.') denote the same host. The UTM does not regard these as being equal. It is therefore possible to configure two different hosts, which resolve to the same hostname. This is an invalid BIND configuarion and will prevent BIND from starting.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Workaround is to not have a host in both styles, but use either the notation with, or without dot.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        NUTM-6318
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UTM 9.4 MR5 (9.408)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Whitelist/blacklist object can't be recreated if filter action not saved

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          If an administrator creates a whitelist/blacklist object within a Web Filter action, but then doesn't save the filter action (eg. clicks Cancel), another whitelist/blacklist object with the same name cannot be created in any other filter action.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When attempting to create one, an error appears: "The whitelist/blacklist object with the same name '(name)' already exists.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          This issue can be resolved manually by deleting the object via the backend, as follows:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NUTM-6199
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UTM 9.4 MR5 (9.408)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Sandstorm
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Sandstorm parentproxy not available for license without WebProtection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Customers using Sandstorm only in conjunction with Email Protection can not configure a parent proxy on the Webadmin GUI. The missing WebProtection license disables the required pages in the Webgui.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            If a parent proxy is required, because no direct connection to the Internet is allowed, the proxy can be set using the cc cli-utility
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            cc -> http
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            The variables are:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • parent_proxy_host$

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • parent_proxy_port$

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • parent_proxy_status$

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            NUTM-5734
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UTM 9.4 SR2 (9.406)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Logging & Reporting, View Log Files, Search Log Files, Filter issue

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              407s are deliberately suppressed because they can create a bunch of noise that is not useful in most cases. That is also the cause why it is not possible to search for specific http status codes (407 for example) - You can search logs on the back-end.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              NUTM-5460
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • UTM 9.4 MR3 (9.405)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Checksum errors while using svn checkouts through proxy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SVN issue with pipeline requests

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                user@system:~/Downloads/Test$ svn checkout http://svn.apache.org/repos/asf/spamassassin/trunk/rules /home/tottie/Downloads/Test/
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                A 30_text_de.cf
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                svn: E200014: Prüfsummenfehler für »/home/tottie/Downloads/Test/25_dcc.cf«:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Expected: 5415b271d2bc689ac76d97e230518d49
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                actual: f7ff14025e549b7b45afcf78cc3ad6f2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Our httpproxy, like most proxies in the market, does not support pipeline requests.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NUTM-5346
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • UTM 9.4 MR3 (9.405)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Network
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SOCKS Proxy with Auth failed for Skype

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Skype is sending the password with null characters in the string, which is not supported by our SOCKS proxy. The SOCKS proxy expects cleartext strings.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NUTM-4404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UTM 9.35 SR1 (9.352)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Web
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Tranparent skiplist with additional address of UTM as destintation host doesn't work

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Requests goign to URLs, which resolve to a local address on the UTM, can't skip the transparent proxy. Even if it is added to the "transparent skiplist" as desination host, the request will still be intercepted by the transparent proxy.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    None.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Wireless

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Last updated: 27 Oct 2022 - 08:52:56
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Key Affected versions Fix versions Components Summary Description Workaround
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    CWIFI-13041
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Wireless Product Tab not available on the central admin

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        If the central account is hosted in new regions, the Central Wireless Product is unavailable, and there are no plans to make it available in the new regions. When customers create an account in central, in a new region, they will face a message describing which products are available. A warning message describing a wireless product does not yet have a plan or date for when new regions will be supported.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CWIFI-12586
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Leibniz 2.3.2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Only the first 50 entries of the device page will be exported into the CSV file

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Currently there is a limitation which leads to the issue that only the first 50 entries will be exported to CSV irrespective of the number of clients.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Development threads this as a feature request and will address it in future releases. But there is no ETA yet for this.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          N/A

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CWIFI-12119
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Cloud Platform
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Users trying to access the captive portal page to authenticate using Social Media credentials receive an error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              The connection of the captive portal page delivered by the access point is secured by a self-signed certificate.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Most browsers will deliver a warning message about this.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Some browsers allow the user to override this warning message and proceed with the connection to the captive portal page.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Other browsers do not allow this, making it impossible for the user to access the captive portal page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              You may try with another browser which would provide you an option to proceed further.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              CWIFI-12204
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Leibniz 2.3.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • AP Hardware
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Legacy AP's will brick when Interrupted during Firmware upgrade.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Following AP models might brick when a firmware update is interrupted due to a power loss: AP 15,15C,55,55C,100,100C and 100X.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.Making sure that there will be no power outage during the upgrade process.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.If a power outage were to happen and AP's get bricked, The recovery process is very simple, by using the below URL the recovery tool can be downloaded and the process is also explained on the same page - https://support.sophos.com/support/s/article/KB-000039314?language=en_US
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                P.S: After recovery, the previous config will be retained so the AP can be used straight away.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CWIFI-11442
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Leibniz 2.2.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Data limit Set on Voucher doesn't restrict new download/connection after quota expire

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Wireless client connected on Sophos AP/APX managed by Sophos Central Wireless might able to access more data then define on voucher.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Sophos AP/APX sends period update of data usage on voucher to Sophos Central at every 4.5 minutes. In worst case user may get free access to internet for maximum 4.5 minute over mentioned 'Access time/Data Limit' on voucher.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CWIFI-10529
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Leibniz 2.2.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Leibniz 2.6.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Legacy issue: Devices fail to disconnect from AP when Connected SSID is removed from AP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Devices fail to disconnect from the AP when the Connected SSID is removed from the AP.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Clients like Macbook Air, Android Phone, Dell laptop with Linux are still showing as connected to the AP when connected SSID is removed from AP page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  On the clients WiFi page, it still shows the device as connected and with an connected IP address.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Disconnect the client.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CWIFI-9933
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Leibniz 1.16.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Cloud_2018.22
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Leibniz 2.4.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Client Vendor filter not working as expected

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Attempting to filter connected clients by Vendor only works for the first 8 characters entered. If more than this are entered into the filter then 0 results are returned.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Significant improvements are planned for the filtering in Central Wifi later in 2019 at which point we expect this behaviour to be resolved

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CWIFI-9048
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Leibniz 2.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Cloud_2018.28
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Dynamic Vlan with sync security is not supported but is user configureable

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      There is no work around for this at the moment. Dynamic and Sync security should not be enabled on the same SSID.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      CWIFI-9244
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Cloud_2018.28
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        User is able to enable Sync security on an SSID which is assigned to AP platforms(AP100,AP55,AP15) though the functionality is only supported in APX

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Sync security feature is not supported for AP platforms but user can edit the SSID assigned to the AP platforms and can enable the sync security feature.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This can create a issue in mixed platform environment where the SSID is part of both APX and AP platforms in a network. There would be different behavior when the AP roams from APX to AP platforms.  

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        There is no work around for this. User should not enable the Sync security on a SSID which is assigned to AP platforms.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CWIFI-9526
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SSIDs are not getting broadcasted when mesh is established between APX and legacy AP platform.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SSIDs are not getting broadcasted on 5GHz when mesh is established between APX and legacy AP platform.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Steps:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            This is a known limitation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            CWIFI-9527
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Usage graphs are only updated every 20 minutes

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Usage graphs are only updated every 20 minutes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Steps:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                lient details including Usage graphs are shown and updated every 20 minutes..

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CWIFI-9101
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Leibniz 2.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Cloud_2018.31
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SSID information sometimes not updated immediately under clients page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Sometimes Current Network(SSID) under Accesspoint->Clients-> is displayed wrongly. Current Network info does not get updated immediately in Cloud UI , so there could be entry of previously connected SSID instead of current one. It takes around 4 to 5 minutes for the proper information to be updated under clients page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                There is no workaround for this.User has to wait for around 5 minutes from the time clients gets connected to the SSID for the proper UI update under Accesspoint->Clients->.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CWIFI-8657
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Leibniz 2.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Discrepancy between APX320 and APX530/740 in LED behavior during hard reset.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  No workaround for this. In all the APX platform if reset button is pressed for about 8 to 10sec APX goes for reboot and if the reset button pressed for more than 15 sec it goes for config wipe out.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CWIFI-9098
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If the MacOS has both Mobile SMC and Endpoint, the status keep toggling if one of them has RED status

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      This in case where MacOS has both Mobile SMC and Endpoint, If Mobile Says "Red" and the Endpoint says "Green", the Status keeps on toggling so is the change in clients functionality.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      There is no workaround for this. MacOS should have either Mobile SMC or Endpoint software not the both.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      CWIFI-9245
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Leibniz 2.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Blocked page will be rendered first time for clients in "Red" state when trying to access Sophos friendly white listed URLs

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Refreshing the page again will allow the access of Sophos friendly white listed URLs.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CWIFI-7237
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Leibniz 1.15.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          In a roaming scenario client MAC entries will be present in old AP as well as in new roamed AP.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          When a client roams from one AP to another, clients MAC entry will be present in old AP as well as in the new roamed AP in UI ( under Accesspoint->Client page). Ideally the client MAC entry should be present only in new roamed AP and entry in older AP should be removed when it roams to new AP.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          There is no workaround for this. Client MAC entry in older AP will be removed after 5 minutes and there will not be any effect on AP functionality. This is only a UI issue.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CWIFI-8420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Cloud_2018.03
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Leibniz 2.1.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Cloud Platform
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Search by Mac address shows duplicate results in client page when first 2 bytes of MAC is used for search.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Under clients page when we search for client using first 2 bytes Mac address , duplicate entries of the same client can be seen.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Use 3 bytes or more of the clients Mac address in search option under clinets page.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          CWIFI-4201
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Background automatic channel selection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Currently, background automatic channel selection is not working. This means that an AP will not switch a channel even if it becomes too crowded or has too much interference.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                CWIFI-4310
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      MESH interoperability when manually selecting channels and channel bandwidth

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      To make sure that MESH works between APs, you need to ensure that the APs which should be part of the MESH network are broadcasting on the same channel and use the same channel bandwidth. Manual channel selection is highly recommended.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      CWIFI-4261
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Recommendation: schedule firmware updates to be applied daily or weekly

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            As we'll be shipping frequent updates, we would recommend to schedule firmware updates to happen daily or weekly. If you set it to monthly you might be missing out for a long time!

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            CWIFI-4496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Manual interaction required when upgrading a Mesh network to version 1.3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  See https://community.sophos.com/sophoswireless/b/sophos_wireless_blog/archive/2016/08/10/manual-action-required-for-mesh-networks-in-upcoming-ap-firmware-release-1-3 for details.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  This is a one-time effort and is not needed for future releases. There won't be a fix for this.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • connect the repeater AP to an ethernet connection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • reboot/power cycle the AP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • wait for the AP to have the correct firmware applied

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • disconnect the repeater AP from ethernet

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • power cycle the AP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  CWIFI-4202
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        UTM wireless firmwares used for flashing have a chance of bricking the AP

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The AP firmware that is on UTM <= 9.404 has firmware that does not have the reliability improvements that we've added to the firmware update process in later firmware releases.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        This means that the firmware update has a higher chance of failing and rendering the APs non-functional.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Please make sure to not unplug an AP after it has been registered by the Cloud until it is shown as online in the Cloud.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        CWIFI-4254
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • AP Software
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Cloud Platform
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • UI
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            UI: trying to register multiple APs in parallel sometimes fails

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Due to an UI issue, whenever you try to register more than one AP in the Wizard, the UI might show an error even though the registration works. Unfortunately, this affects a common workflow: a new customer wants to set up multiple APs in one go.