Hello Sophos,
can we still expect the XG V18 MR 3 this week ?
[locked by: FloSupport at 4:35 PM (GMT -7) on 13 Oct 2020]
Hello Sophos,
can we still expect the XG V18 MR 3 this week ?
Update: SFOS v18 MR3 has been released
Please see - https://community.sophos.com/xg-firewall/b/blog/posts/xg-firewall-v18-mr3
Hi All,
Here's the latest update:
As with any release for XG Firewall, ensuring high quality and a great customer experience is our top priority with MR3. For this reason, we generally do not make timing commitments for Maintenance Releases and only publish them once they meet our high quality standards. MR3 is a substantial release, integrating a number of security and performance enhancements as well as a significant number of fixes. We know there is high anticipation amongst partners and customers for many of these enhancements and are working as fast as possible to get it into their hands. We expect to release it next week but as mentioned, quality is our top priority and that will determine the release timing.
Got an email for the new release but the link is broken.
Hi XG Community! We've released a new build of XG Firewall v18 MR-3. Enhancements in v18 MR-3 Security enhancements: Several security and hardening enhancements - including SSMK (secure storage master key) for the encryption of sensitive data.... more
SNORT 3 has been in Beta for so long that we had to decide to go for the latest shipping and supported version. I know it may seem like it should be the case, but it's not a matter of dropping in a binary or a library. SNORT is a very tightly integrated and customised component of SFOS, V3 is on our radar but not in the near future.
Choose an AD group that will constantly synced with the XG. I can import groups and the including members, but if I remove a user from the group at AD, the access at the XG is not removed. At least this is my last experience a few MR's ago.
XG will not delete the user in this phase. It will simply authenticate this user in the next authentication phase. So if the user is removed from a group or inactive in AD, XG will try to talk to the AD. AD will tell XG the current status.
If the user is placed on XG, does not matter, as XG will not grant access without the matching group and the correct password.
__________________________________________________________________________________________________________________
XG will not delete the user in this phase. It will simply authenticate this user in the next authentication phase. So if the user is removed from a group or inactive in AD, XG will try to talk to the AD. AD will tell XG the current status.
If the user is placed on XG, does not matter, as XG will not grant access without the matching group and the correct password.
__________________________________________________________________________________________________________________
But from what I understand, removing a user from an ad group should only put him back to the default group. Therefor the user will be able to access the user portal, even when not having any permission assign inside the default group, am I correct?
This is something I would love to see, like in Sophos SG, so being able to specify group membership for such firewall services and don't sync users, that could not authenticate against the firewall based on the permission scope, if you understand what I mean ;)