Sophos Firewall release notes (2024)

Version 18.5 MR5 Build 509

Released on December 08, 2022

New features

This page describes the new features introduced. For details, see the help.

Malware engine: Upgraded the malware scan engines and associated components to a full 64-bit operation to ensure optimum performance and future support.

  • Avira: The vendor of the second malware scan engine, Avira, won't provide detection updates in the current 32-bit form after December 31, 2022.
    • Avira has been upgraded to the latest 64-bit AVD engine on the firewall. We recommend that customers using dual scan mode or Avira as the primary engine upgrade to one of the following versions as soon as possible:
      • 19.5.x
      • 19.0 MR1 and later
      • 18.5 MR5
    • If you can't upgrade, we recommend switching to just the Sophos engine for email and web malware scanning.
  • Sophos engine: Customers using only the Sophos engine aren't affected.
  • RED unlock code: The RED provisioning server sends the unlock code to the email address specified on System services > RED when you add a RED device or delete it from the firewall. See the knowledgebase article Pop-up message and email for the RED unlock code.

Version 18.5 MR4 Build 418

Released on June 15, 2022

New features

This page describes the new features introduced. For details, see the help.

  • Multicast forwarding:
    • Introduced support for controlling the time-to-live (TTL) value in static multicast route forwarding. This can prevent multicast traffic from getting dropped because of expired TTL value at the time of forwarding. You can use the following CLI command: set routing multicast-decrement-ttl
    • Increased the default multicast group limit to 250 to support more OSPF neighbors. You can change the multicast group limit using the following CLI command: set routing multicast-group-limit
  • Cellular WAN: Added QMI driver support for Cellular WAN.
  • Logs: Improved log file handling and CSC logging for better troubleshooting.
  • Zero-day protection: An additional data center location for cloud-based machine learning file analysis is now available in the Asia-Pacific region in Sydney, Australia.
  • Introduced several important security, performance, and reliability enhancements.

End-of-life

SSL VPN client: The legacy SSL VPN client reached end-of-life on January 31, 2022. It doesn't appear for download on the user portal any longer. Users can download the Sophos Connect client instead. See End-of-Life for Sophos SSL VPN client.

Version 18.5 MR3 Build 408

Released on March 24, 2022

New features

This page describes the new features introduced. For details, see the help.

DHCP options

You can configure DHCP IPv4 options and the boot server on the web admin console. This is in addition to the existing ability to configure it on the CLI.

When you configure Sophos Firewall as the DHCP server, you can also add DHCP and boot options to provide configuration parameters to DHCP clients. You can add custom and predefined DHCP options.

Enhancements

The version includes the following enhancements:

  • Anti-spam engine: For anti-spam scanning, Email protection now uses the Sophos Anti-Spam Interface (SASI) in place of the anti-spam engine. SASI is already in use in Sophos Email. If you see false positives or false negatives, see how to submit a sample.
  • Kernel dump: The firewall generates kernel dump reporting when there's a kernel crash, enabling improved root cause analysis and troubleshooting.

Version 18.5 MR2 Build 380

Released on November 29, 2021

Important point to consider before you upgrade to v18.5 MR2

An upgrade to 18.5 MR2 refreshes the firewall certificate used by endpoints to send a heartbeat to the firewall. To make sure that endpoints can download the refreshed certificate from Sophos Central after the firewall is upgraded to 18.5 MR2, see Security Heartbeat connection issue with 18.5 MR2.

FIPS 140-2 certification

You can configure Sophos Firewall to use a cryptography library that is certified for the Federal Information Processing Standard 140-2 (FIPS 140-2) level 1 for the following appliances:

  • XGS series hardware
  • Virtual machines

IPsec VPN

  • IPsec VPN: Introduced support for GCM and suite-B ciphers for IPsec VPN. AES-GCM for IPsec significantly improves IPsec VPN performance.
  • Remote access IPsec: Increased the maximum idle time-out to 6 hours for IPsec remote access connections.
  • Route-based VPN: For route-based VPN connections with source NAT rules, MASQ now carries the xfrm IP address on the inner IP header and the WAN IP address on the outer header.

Authentication

  • MFA with Time-based OTP (TOTP):
    • We added MFA support for the built-in "admin" account and alert notifications for all administrator accounts not using MFA.
    • We added the token initialization process for signing in to the web admin console as well as for existing users signing in to the user portal.
    • We streamlined the MFA experience with easy-to-find and configure MFA settings on the web admin console.
    • We removed the ability to view existing OTP secrets and QR codes for token recovery. Lost tokens must be deleted and re-initialized through the sign-in process.
  • Users: Enhanced view of multiple group membership for Active Directory users. The web admin console now shows all the groups a user belongs to.

Certificates

  • Removed the ability to download private keys for CSRs and uploaded certificates. So, you can't use CSRs and private keys generated on Sophos Firewall for external systems. You need to use other methods, such as tools built into operating systems.
  • Shown useful information about the different types of certificate authorities.
  • Made it easy to find locally-added certificates and certificates with private keys.
  • Made it easy to copy or download a certificate's public key to check and confirm.

Consolidated Troubleshooting Report (CTR)

  • Introduced the ability to capture the complete troubleshooting logs, including log file rotation in the CTR.
  • Introduced the ability to generate the CTR from the backend.
  • Eliminated time-out and console freeze during CTR generation.

Usability

  • Sophos Assistant: Introduced Sophos Assistant, a new interactive help on the web admin console. The help flows guide you, making it easier to complete complex configurations.
  • IPv6 web categorization for HTTPS requests: HTTPS requests that connect directly to an IPv6 address will now have the “IP address” web category instead of “Invalid URL”. This impacts both TLS policy selection and logging, and makes IPv6 connections consistent with how equivalent IPv4 connections are treated.
  • Sophos Central: Introduced credential-free registration for Sophos Central.
  • TLS exclusions: Added new domains to the TLS exclusion list: gotowebinar, ava.expertcity.com, cdn-apple, mzstatic, zoom.us, device.login.microsoftonline.com.
  • ISO reimaging: Introduced visual indication of the status of ISO reimaging as follows:
    • XGS Series desktop hardware: Status LEDs in the front.
    • Other XGS Series hardware: On-device LCD screen.
  • DDNS: Added support for Cloudflare DDNS provider.
  • IPS switch: Added a global switch on Intrusion Prevention > IPS policies to turn on or turn off IPS protection. If you're currently using IPS, the switch is automatically set to On when you migrate to 18.5 MR2.
  • Installation wizard: Provided a default option for a 2-port bridge rather than the previous single bridge configuration for all ports.

Enhancements

The enhancements introduced in 18.5 MR2 are as follows:

  • Xstream Flow Processor driver update related to performance optimizations. The update is mandatory for XGS 4300, XGS 4500, XGS 5500, and XGS 6500 appliances.
  • Upgraded JQuery to version 3.5.0.
  • Introduced hardware reset on XGS 87 and XGS 107 appliances. Press and hold the hardware reset button to perform a factory reset to help recover from a bad configuration.
  • The names of physical and virtual interfaces, wireless networks, and IP tunnels can't start with the system-reserved names, such as "port", "eth", and "ge" any longer.

Version 18.5 MR1-1 Build 365

Released on October 21, 2021

As part of the continual refinement of our hardware products, this release optimizes performance for the XGS 4300, XGS 4500, XGS 5500, and XGS 6500 models through an Xstream Flow Processor driver update.

This release doesn't include any other updates.

  • The Xstream Flow Processor driver update related to performance optimization is mandatory for XGS 4300, XGS 4500, XGS 5500, and XGS 6500.

This release is available only to customers with these models. We recommend that all customers with these models apply this update as soon as possible.

18.5 MR1-1 is not available for other XGS Series models, XG Series models, or virtual and cloud deployments.

Version 18.5 MR1 Build 326

Released on August 10, 2021

Available on all form factors

Sophos Firewall OS 18.5 MR1 is available on all form factors as follows:

  • XGS Series firewalls
  • XG Series firewalls
  • SG Series firewalls
  • Virtual and software appliances
  • Cloud platforms

18.5 MR1 supports the new Sophos Central Orchestration capabilities and many important security fixes and enhancements.

Central Orchestration subscription

The subscription is included in the new Xstream Protection license bundle and offers the following features:

  • Central SD-WAN VPN Orchestration: Offers easy point-and-click site-to-site VPN orchestration from Sophos Central, automatically configuring the required tunnels and firewall access rules for the SD-WAN overlay network you want.
  • Central Firewall Reporting Advanced: Offers 30-day data retention for full multiple firewall reporting in Sophos Central with access to all pre-packaged reports and flexible, custom report capabilities. You can save, schedule, and export your reports.
  • Sophos MTR (Managed Threat Response) and XDR (Extended Detection and Response) connector: Allows us to use the Sophos Firewall intelligence and data as part of our Managed Threat Response 24/7 service. Alternatively, you can manage it as a cross-product, extended detection and response solution.

Other features and enhancements

  • Upgrading through Sophos Central: You can schedule firmware upgrades from Sophos Central for XG Series firewalls 18.0 MR3 and later.
  • DPI mode: Improved network performance for TLS traffic in DPI mode is now available for all form factors of Sophos Firewall.
  • Resolved FragAttack vulnerabilities: We resolved these vulnerabilities recently discovered in the Wi-Fi specification for all internal and add-on Wi-Fi modules for XG series desktop series appliances. All other updates will follow as outlined in this advisory.
  • Enhanced backup and restore: We've improved backup and restore operations across different models with accurate mapping of the management ports. Additionally, you can restore backups from 18.0 MR5 and earlier to 18.5 MR1. For more information, see the upgrade information section in this set of release notes.
  • XGS Series reset button: You can press and hold the hardware reset button on XGS Series appliances (XGS 116 and higher models) to reset the firewall to factory configuration. You can use this for troubleshooting and to recover from a bad configuration.
  • VPN tunnel logging: Improved logging for VPN tunnel flap events and IPsec IKEv2 rekeying.
  • Sophos DDNS (myfirewall.co): We're discontinuing Sophos DDNS from January 31, 2022 and won't support new registrations for it from 18.5 MR1. For more information, see Discontinuing Sophos DDNS myfirewall.co.

Version 18.5 GA Build 289

Released on June 02, 2021

Launched new XGS Series hardware models

Sophos Firewall OS version 18.5 GA build 289 launches the XGS Series 1UL and 2U appliance models.

XGS Series models

  • 1UL models: XGS 4300, XGS 4500
  • 2U models: XGS 5500, XGS 6500

These models are in addition to the recently launched desktop and 1US models.

For the licensing, compatibility, and configuration details, see build 264 under previous versions.

For more information, see Compare models. Alternatively, contact your Sophos Partner.

Version 18.5 Build 264

Released on April 19, 2021

New features

This section contains the new features for 18.5 GA.

Flexibility and performance enhancements

  • Version 18.0 delivered a data plane with a Virtual FastPath (VFP) to allow the offloading of trusted and previously security-verified traffic, using the same x86 CPU for the offloaded traffic. On the XGS Series, after inspecting the initial packets in a flow, the x86 CPU offloads trusted traffic to the Xstream FastPath, which runs on the Xstream Flow Processor and is specifically designed for FastPath operations.
  • The Xstream Flow Processor delivers and retrieves packets directly to and from the DPI engine's main memory. These enhancements deliver a significant increase in the overall network performance with a 5x improvement in latency with the zero-copy operation and up to a 5x increase in SSL/TLS decryption performance versus the previous hardware models.
  • The Xstream architecture saves cycles of the x86 clock by lowering memory bandwidth usage and allowing both processors to update the cache.
  • Port density and diversity: XGS Series appliances offer an increased number of fixed ports and include some new port connectivity, such as Power over Ethernet (PoE), which is now built-in on some desktop models. They also offer a broad range of Flexi Port modules and add-on options to adapt and extend connectivity.

Licensing

  • XGS Series standalone hardware purchases include the Base License.
  • A new, simplified license scheme with two bundle options and à la carte license options are available for these devices. For more information, see Sophos Firewall.

XGS Series models

  • Desktop models: XGS 87(w), XGS 107(w), XGS 116(w), XGS 126(w), XGS 136(w)
  • 1US models: XGS 2100, XGS 2300, XGS 3100, XGS 3300
  • 1UL models: These will be released shortly.
  • 2U models: These will be released shortly.

For more information, see Compare models. Alternatively, contact your Sophos Partner.

Compatibility

The following accessories, software, and components are compatible with Sophos Firewall OS running on XGS Series hardware:

  • SD-RED devices.
  • RED 15, RED 15w, and RED 50.
  • APX Series access points.
  • Legacy access points: Both XGS and XG Series appliances support AP 100X.
  • Clients, such as the Sophos Connect client, STAS.
  • XGS 116w, XGS 126w, and XGS 136w models include a modular bay for an optional 3G/4G module.
  • XGS 116w, XGS 126w, and XGS 136w support an optional second Wi-Fi 5 module.
  • Wi-Fi models support Wi-Fi 5 and include a single radio for 2.4 or 5 GHz.
  • The SFP VDSL2 module is compatible with all XGS and XG Series appliances with an SFP (small form-factor pluggable) port.
  • A range of optional transceivers, including SFP and SFP+ is also available and is compatible with the XGS and XG Series models.

SFOS running on XGS Series hardware does not support the following accessories and components:

  • APX 320X is currently not supported in SFOS on any platform. It is supported only in Sophos Central.
  • Legacy access points: AP 15, AP 15C, AP 55, AP 55C, AP 100, AP 100C, AP 5, AP 10, AP 30, AP 50
  • Flexi Port modules for XG Series hardware models.
  • Desktop 3G/4G and Wi-Fi modules for XG Series hardware.

Backup and restore

  • You can take configuration backups from the following versions and devices and restore them on XGS Series appliances:
    • SFOS: Version 17.5 MR15 and earlier and version 18.0 MR4 and earlier.
    • Cyberoam devices (running CROS and SFOS).
    • SG devices (running SFOS).
  • The shipped firmware version of SFOS on XGS Series appliances is a pre-production release of version 18.5 and does not allow you to restore configuration backups from the latest SFOS versions (17.5 MR15 and 18.0 MR4). You must first update the firmware to SFOS 18.5 GA before attempting to restore a configuration backup from one of these versions. The setup wizard will take you through the mandatory firmware upgrade to 18.5 GA. If the mandatory firmware upgrade in the wizard is skipped for some reason, when you sign in to the web admin console, a popup message appears asking you to upgrade to 18.5 GA. After the upgrade, you can restore backups from Backup and firmware > Backup and restore.
  • You can restore backups from earlier versions of SFOS (17.5 MR14 and earlier, 18.0 MR3 and earlier) to the shipped firmware on the device through the setup wizard. However, we recommend upgrading the appliance to the GA release of 18.5 as part of the setup.
  • To take a backup and restore the configuration between XG Series and XGS Series appliances, see Backup-restore compatibility check.

Firmware and configuration

  • SFLoader: The option to load firmware using SFLoader isn't available for the XGS Series appliances.
  • High availability: You can't configure an HA pair using a combination of XGS and XG Series appliances. An HA pair requires the same firmware and hardware revision on both devices.
  • Sandstorm protection has been renamed Zero-Day Protection to better reflect the features and benefits in the new licensing scheme launching with the XGS Series.

Product name change for XG Firewall

  • The product formerly known as Sophos XG Firewall has been renamed Sophos Firewall. Sophos Firewall is the new overarching name for our core firewall product.
  • The OS continues to be named Sophos Firewall OS (SFOS).
  • Both XG Series and XGS Series appliances will be available for purchase with Sophos Firewall OS.
  • Version 18.5 for XG Series hardware, virtual, software, and cloud deployments is expected to be available shortly.

Resolved issues

Version 18.5 MR5 Build 509

Fixed issues, listed by ID, description, explanation and Workaround.
Issue ID Component Description
NC-108213 API Framework, UI Framework Post-auth code injection (CVE-2022-3696).
NC-107999 IPS Ruleset Management HA cluster configuration fails, and the auxiliary device isn't ready when Network License isn't present.
NC-107453 WAF WAF rules not working after HA failover.
NC-107327 WAF Upgrade ModSecurity and OWASP CRS to the latest version.
NC-106811 Email Anti-spam service fails. Unable to start anti-spam service.
NC-106608 IPsec Duplicate SAs being created.
NC-106424 API Framework, UI Framework A code injection vulnerability allowing remote code execution was discovered in the user portal and web admin console. We released the hotfixes for this issue. See Resolved RCE in Sophos Firewall (CVE-2022-3236).
NC-103037 XGS BSP Failsafe issue due to NPU failure.
NC-102979 Backup-Restore Backup restore fails from XG 310 to XG 230.
NC-102919 Static Routing Static routes lost at the backend on the primary device in QuickHA.
NC-102771 Authentication XFOS Migration Users unable to authenticate through CAA.
NC-102737 SSLVPN Site-to-site and remote access SSL VPN not working since SSL VPN service is stuck in busy status.
NC-101713 Logging Framework PG trigger entry not present for sign-in events when on-box reporting is off.
NC-101703 CDB-CFR, CM Unable to open the firewall web admin console from Sophos Central after turning on "Send reports and logs to Sophos Central" and "Send configuration backups to Sophos Central" on the firewall.
NC-101326 SSLVPN OS command injection through SSL VPN configuration upload (CVE-2022-3226).
NC-101046 IPS-DAQ A specific website doesn't open in Firefox browser when SSL/TLS inspection is on due to the OCSP Must Staple extension.
NC-101021 Date/Time Zone Time zone change allowed in Sophos Central on HA devices.
NC-100716 FQDN Ipset sporadically not created for wildcard FQDN host.
NC-100707 IPsec Wrong source IP address in IPsec routes.
NC-100334 WAF Virtual host not removed if WAF rule is turned off.
NC-100325 WAF Update API JSON fields for encrypted WAF secrets.
NC-99962 Wireless Adjacent code injection in Wi-Fi controller (CVE-2022-3713).
NC-99247 SSLVPN Unable to download SSL VPN site-to-site server configuration.
NC-99152 Logging Framework Central reporting failed to initiate the mmap case when queue limit reached with no central connectivity.
NC-98576 IPS Ruleset Management IPS pattern fails to update. Error shows get_ips_switch_status: Unable to get network license status.
NC-97753 IPS Engine, IPS Policy Unable to Upgrade to 19 from 18.0.4. Duplicate configuration disable_decode_alerts in tblconfiguration table.
NC-95353 Static Routing Static route to RED disappears in XGS (HA) with a restart.
NC-95197 RED Appliance auto-restarts frequently in a day or two.
NC-94734 IPsec PPPoE isn't connecting after random disconnect event if xfrm interface is created on PPPoE.
NC-94603 IPsec IPsec tunnels flapping continuously.
NC-94418 Logging Framework (Central Reporting) Reporting and logging to Sophos Central stops randomly.
NC-94019 Wireless Wrong MAC-aging time for bridge interface Guest AP.
NC-93847 Authentication Stored XSS in import group wizard (CVE-2022-3709).
NC-92131 IPS-DAQ-NSE Unable to upload a large file with SSL/TLS inspection turned on in do-not-decrypt mode.
NC-90247 IPsec IPsec VPN failback isn't working.
NC-88628 RED RED UDP packets are forwarded to auxiliary device after HA switchover.
NC-86937 VFP-Firewall Memory utilization increases continuously.
NC-86819 Firmware Management, Licensing AWS instance stuck while starting it.
NC-85961 Authentication Guest user is created on secondary appliance and not on primary appliance randomly.
NC-84750 IPsec Auxiliary node sporadically receives IPsec packets.
NC-84142 Backup-Restore Unable to delete VLAN interface.
NC-81219 CM HA zero downtime upgrade isn't supported if firmware upgrade is scheduled on central management.
NC-74241 CaptivePortal Stored XSS through captive portal customization (CVE-2022-4238).

Version 18.5 MR4 Build 418

Fixed issues, listed by ID, description, explanation and Workaround.
Issue ID Component Description
NC-91295 Firewall Zones' tab is empty after deleting a zone created on the second page.
NC-90702 Email SASI detection problems when too many hits are returned.
NC-90548 SD-WAN routing API call to ON/OFF SD-WAN route does the opposite in 18.0.
NC-90024 Firewall Can't restore a backup or migrate when multiple local ACL rules are configured.
NC-89996 Logging IPS policy redirection issue from Log viewer.
NC-89401 XGS BSP Firmware upgrade from 18.5 MR.1 to 18.5. MR.2 or 18.5 MR.3 failed.
NC-89218 Core Utils Resolved post-auth shell injection in the web admin console through OpenSSL (CVE-2022-1292).
NC-89162 Firewall AutoReboot 0010:queued_spin_lock_slowpath+0x148/0x170.
NC-89091 API framework Resolved multiple post-auth SQLi vulnerabilities in Webadmin (CVE-2022-1807).
NC-89079 CM fwcm-eventd agent is not listening to the IP address UP event.
NC-88404 IPsec Tunnel didn't come up automatically after an HA appliance was restarted.
NC-88207 Firmware Management Firmware update fails when space is used in filename.
NC-87665 API framework, UI framework Pre-auth RCE (CVE-2022-1040).
NC-87659 Wireless Legacy AP roaming key decryption fails when fast transition is turned on.
NC-87596 SSLVPN Site-to-site and remote access SSL VPN didn't work.
NC-87240 Email Avira engine error with axpx files.
NC-86690 SD-WAN routing SD-WAN FTP proxy traffic isn't working with transparent proxy.
NC-86451 IPS-DAQ-NSE Unable to access web server through the firewall. SSL/TLS inspection error shown: "Dropped due to TLS internal error"."
NC-86249 IPsec The "ANY" object in Strongswan doesn't equate to any IP address.
NC-86093 Firewall Duplicate firewall rule group for the same set of firewall rules.
NC-85547 CaptivePortal Sign-in message and sign-out option aren't showing up with custom captive portal.
NC-85423 SNMP Kernel crash on XG125 with SNMP high memory consumption.
NC-85412 PPPoE PPPoE issue on 18.5 MR2.
NC-85383 IPsec Unable to connect using IPsec remote access due to invalid .scx file.
NC-85346 Email Smarthost authentication failed. Password decryption issue.
NC-85151 Authentication Firewall moved to a group on Sophos Central is added to the group, but complete synchronization fails with the message "Failed because of Invalid Parameters".
NC-84951 Network Utils Route lookup on Diagnostics doesn't give results to any routes on the web admin console.
NC-84604 Wireless Unable to restore backup from SG230 to XGS2300 due to access point database issue.
NC-84231 Core Utils Receiving a duplicate copy of the same executive schedule reports.
NC-84218 Web Can't turn on OTP for admin user that isn't user ID 3.
NC-83662 Web Alert message on Users page for administrator accounts unprotected by multi-factor authentication shows a number that needs explanation.
NC-83584 WebInSnort IPS segfault in libnsg_tcphold_preproc.
NC-83581 Gateway Management Spelling correction is needed for the command session persistence.
NC-83470 Firewall, VFP-Firewall Unable to handle kernel NULL pointer dereference at 0000000000000003 in XG750 during connection rate test.
NC-83469 SSL VPN Dashboard doesn't reflect remote users’ details.
NC-83445 IPsec Constant IPsec flapping for VPNs pushed through Sophos Central SD-WAN orchestration.
NC-83392 CM (Join to Cloud) Backup isn't generated with [] brackets.
NC-83366 SD-WAN routing Turning off captcha on VPN zone isn't for RBVPN with SD-WAN routing.
NC-83347 Email, FQDN Not able to add lx63.hoststar.hosting to email server under notification settings.
NC-83177 IPS ruleset management Unable to toggle IPS switch in 18.5 MR2.
NC-83065 IPsec System-generated traffic is impacted when route precedence is set to VPN and remote subnet to "Any".
NC-82972 CSC HA active-active appliance stopped responding.
NC-82566 Firewall Kernel crash after update to 18.5 MR2 - RIP:0010:_raw_read_lock_bh+0x14/0x30.
NC-82332 Firewall Kernel panic - unable to handle kernel NULL pointer "ip_route_me_harder".
NC-82225 HA Unable to establish HA correctly on fiber ports.
NC-82215 Firewall Device freeze issue (0010:queued_spin_lock_slowpath+0x14b/0x170).
NC-81956 WebInSnort HTTP and HTTPS traffic to internal server on 8080 is dropped by IPS tcphold.
NC-81944 IPsec WWAN doesn't connect after a random disconnect event if XFRM interface is created on WWAN.
NC-81768 Backup-Restore Backup couldn't be restored because of a duplicate key.
NC-81517 Firewall Policy test for firewall isn't showing the correct results.
NC-81492 Interface management Networkd service is dead, causing network outage.
NC-81430 CM, UI framework User portal host injection.
NC-81298 Authentication User authentication issue with captive portal.
NC-81234 Logging framework Incorrect unit in live connections.
NC-81207 IPsec Error while updating any VPN tunnel configuration.
NC-81155 SNMP Duplicate entry in MIB file.
NC-81131 Reporting Last access time isn't generated when a user's username has XSS payload.
NC-81069 Email Import fails for the entity "MtaBlockedSenders".
NC-80660 DHCP DHCP IP lease issue.
NC-80178 Email Error related to UTF-8 characters.
NC-80114 IPsec Exported configuration with VPN connection shows no encryption component.
NC-80042 RED Unable to update system-host for RED tunnels.
NC-79667 Email SPX encrypted email body information is missing.
NC-79468 Authentication Outdated users stuck in Live Users.
NC-79417 Web SSL/TLS rules can't be seen on the web admin console.
NC-79361 Backup-Restore Unable to import backup due to tblconfiguration issue.
NC-79354 Web skein segfault in connect_to_server.
NC-79128 IPsec Memory increase to 90 percent over 20-25 days.
NC-78646 Backup-Restore Firmware upgrade fails due to unique index.
NC-78563 WAF WAF doesn't redirect the page to the proper domain when multiple domains are listed in the WAF rule.
NC-78406 IPsec XFRM interface is shown as turned off even when the corresponding route-based VPN tunnel is connected and established.
NC-78356 IPsec Clientless Bookmark to SSH server doesn't connect over site-to-site IPsec connection.
NC-78292 Web Users aren't authenticated with Kerberos if they're members of a large number of groups.
NC-77175 Email Email attachment stripped when SPX is applied.
NC-76960 IPS-DAQ IPS service didn't start due to DAQ.
NC-76758 IPS-DAQ-NSE Some TLS flows are delayed through a specific service provider.
NC-76046 Authentication Maximum length for RADIUS server's shared secret.
NC-74847 Web Snort crashes with segfault due to a blank conf file.
NC-74228 Email Can't display quarantine due to \x1E? in the subject.
NC-73975 Firewall FP fw_fp_track_conn and fw_fp_reclaim_conn errors seen during httperf conn rate test - (flow 2).
NC-73873 SNMP SNMPD crash in netsnmp_add_varbind_to_cache.
NC-73682 SD-WAN routing ping: sendto: Operation not permitted when the network is part of a policy route.
NC-72341 Backup-Restore Unable to restore backup from CR50iNG to XG230.
NC-71761 Security Resolved multiple XSS vulnerabilities (CVE-2021-25267).
NC-71484 Authentication Password change places the user outside the group under SSL VPN profile.
NC-71379 Email MTA doesn't provide the full certificate chain.
NC-69997 Email Notification test email has the wrong encoded subject when the web admin console language is set to Traditional Chinese or Simplified Chinese.
NC-66163 Email Report received with garbled characters.
NC-62696 Logging framework Sentry reported a crash.
NC-55945 Authentication Value of average live user in the users' graph of Diagnostics shouldn't be a floating point.
NC-51929 DDNS DDNS doesn't apply to some new gTLD.
NRF-517 RED SD-RED60: LAN switch VLAN configuration is lost after some time.
NRF-509 Firmware AP not registering through RED15w tunnel.

Version 18.5 MR3 Build 408

Fixed issues, listed by ID, description, explanation and Workaround.
Issue ID Component Description
NC-89162 Firewall Appliance restarts automatically.
NC-87165 Core Utils Fixed OpenSSL DoS vulnerability (CVE-2022-0778).
NC-85549 Wireless SFOS becomes unresponsive after a restart if time-based SSID is configured.
NC-85339 Security Resolved multiple XSS vulnerabilities through company name (CVE-2021-25268).
NC-84281 Authentication Status column isn't shown on Authentication > Users.
NC-84158 Web Sophos Central signs out XG Series Firewall administrator when the Add button for Users is clicked.
NC-83584 WebInSnort IPS fault causing users to disconnect at peak users.
NC-83430 RED RED causing massive network traffic after upgrading to 18.5 MR2.
NC-83159 CM Serial number visibility.
NC-82340 NFP-Firewall XGS 4500 kernel crash.
NC-82042 IPS-DAQ-NSE Veeam agent unable to connect with the Veeam server when SSL TLS inspection is on.
NC-81974 IPS-DAQ Snort soft lockup and device restart.
NC-81492 Interface management Networkd service is down causing network outage.
NC-80669 Reporting Deadlocks on report databases due to large amount of data, causing system instability.
NC-80660 DHCP DHCP IP lease issue.
NC-80027 Reporting Configuration doesn't migrate during upgrade due to duplicate table entry.
NC-79695 SSL VPN SSL VPN site-to-site server connection file doesn't download.
NC-79417 Web SSL/TLS rules can't be seen on the web admin console.
NC-79178/NC-82999 VFP-Firewall XGS 4500 restarting due to hard drive issue.
NC-79128 IPsec Memory usage increases to 90 percent over 20-25 days.
NC-78294 Authentication CAA client repeatedly sends "Administrator disconnected you" message to users.
NC-78127 Certificates Unable to upload CA certificate.
NC-74847 Web Snort crashing with a segfault due to a blank conf file.
NAF-53 Firmware Mesh APX restarts randomly, creating internet outages.
NRF-517 RED SD-RED 60: LAN switch VLAN configuration is lost after some time.
NRF-509 Firmware AP not registering through RED 15w tunnel.

Version 18.5 MR2 Build 380

Fixed issues, listed by ID, description, explanation and Workaround.
Issue ID Component Description
NC-80101 Central management Garner service remained in busy status.
NC-79943 IPS engine IPS service was down.
NC-79452 XGS BSP Slow upload speed for XGS 2100 over 1G interfaces with 100 Mbps speed.
NC-79404 Reporting Log viewer wasn't returning results from /var/eventlogs/.
NC-79386 IPS ruleset management Incorrect signature date shown on the IPS policy screen after migration.
NC-79335 IPS ruleset management Incorrect placement of icon for loading IPS signatures.
NC-79110 Firewall Couldn't restore backup from 17.5 MR16 to 18.0 MR6.
NC-79029 IPS engine IPS was restarting with core dump.
NC-78572 Firewall Constant restart of XG 750 HA pair.
NC-78512 RED Split networks weren't reachable from the RED network for one RED device.
NC-77938 IPsec Unable to deactivate the failover group.
NC-77771 VFP-Firewall Kernel panic: Unable to handle kernel paging request at ffff88036e000000.
NC-77729 IPsec IPsec tunnel not reconnecting after PPPoE reconnects.
NC-77289 Security, Web db testpass wasn't always encrypted correctly.
NC-77026 Security Heartbeat Heartbeat authenticated users get disconnected.
NC-76742 Firewall XG Series appliance goes into failsafe mode after backup is uploaded.
NC-76521 Firewall Firewall ID doesn't appear in the ID column.
NC-76400 IPsec Apple iOS IPsec VPN client configuration issue.
NC-76041 Web XGS 6500: AVD thread count anomaly.
NC-75990 IPsec IPsec tunnel not coming up until service restarts.
NC-75870 HA QuickHA page stops responding. The administrator isn't able to close it.
NC-75844 HA Traffic issues in HA active-active mode.
NC-75783 Authentication LDAP authentication with anonymous sign-in wasn't working.
NC-75543 IPsec Tunnel wasn't established because traffic was passing through an incorrect interface.
NC-75269 Backup and restore Firmware didn't upgrade from 18.0 MR4 to 18.0 MR5 in HA pair.
NC-75175 RED RED service didn't restart because of corrupt entry in tblreddevice.
NC-75159 IPsec IPsec failover wasn't working and required deactivating and then reactivating the failover group to bring the tunnel up.
NC-75030 IPsec Charon crash in adopt_children_job.c execute.
NC-74891 IPsec Email notifications received for auxiliary device in HA active-passive mode.
NC-74864 IPsec Unable to download VPN iOS profile from the user portal when authentication type is certificate for the Sophos Connect client.
NC-74791 Email Quarantine digest sends email 6 minutes earlier than the configured time.
NC-74735 HA The auxiliary device restarts during HA failover.
NC-74603 Firewall Log for denied attempt to sign in to the web admin console shows the destination port as custom port.
NC-74593 Logging framework (Central reporting) Reports for the last one hour didn't load in the report generator.
NC-74101 Email Email delivery issue due to a Brazilian character.
NC-73926 HA Unable to access websites sometimes with HA active-active load balancing.
NC-73800 WebInSnort Websites blocked when custom application control policy was applied.
NC-73703 IPsec Unable to connect to the Sophos Connect client because of incorrect preshared key in KVM HA setup.
NC-73617 Static routing Mandatory setting requirement when deleting static route through API.
NC-73089 VFP-Firewall Ports not added to LAG.
NC-73004 SSLVPN CVE-2020-15078 patch for OpenVPN 2.3.6.
NC-72955 Logging framework Log viewer stopped working when active.db was damaged.
NC-72949 IPS-DAQ Print jobs weren't working with the DPI engine.
NC-72934 IPsec Child SA disconnected when the idle setting was turned on in the Sophos Connect client.
NC-72920 IPsec xfrm packet loss on route-based IPsec VPN.
NC-72851 Application filter policy Importing application filter policy changed the rules and their list of applications when any of the rules had selected Cloud application under Characteristics.
NC-72694 Web SSL/TLS inspection didn't work for SMTP.
NC-72664 Authentication XG Series appliance wasn't initiating a request to AD server on port 6677 after the appliance was restarted.
NC-72545 Support access Duplicate support access ID was created during backup-restore.
NC-72492 Authentication Guest users who had received a password once were later unable to get the password through SMS.
NC-71595 Firewall DNAT rule wasn't working after migration from CROS to SFOS 17.5 MR15.
NC-71555 Email Getting certificate-related error when accessing the Outlook client with POP3 scanning rule configured on XG Series appliance.
NC-71216 WebInSnort Unable to access Microsoft TFS (Team Foundation Server) hosted on LAN network through SSL VPN.
NC-70909 HA Service monitor failure results in an alert since the HA auxiliary device was shut down.
NC-70877 Authentication Expired guest users received an SMS with a blank password.
NC-70863 Email Unable to delete quarantined email.
NC-70783 RED Web admin console access to the primary HA device was lost when a RED interface was saved.
NC-70733 WWAN USB Dongle Huawei E8372 wasn't reconnecting after a power cycle.
NC-70568 Firmware management Executive reports for the auxiliary device weren't received over email in time.
NC-70320 IPsec Unable to make changes when Organizational Units (OU) are present.
NC-70251 IPS engine IPS service was down after enabling HA active-passive mode.
NC-70243 Reporting Report generation stopped after January 1, 2021.
NC-70067 Central management (Join to Cloud) Central registration alert didn't disappear after registration.
NC-70057 Network Utilities Intermittent WAN connectivity issue for firewall running on Azure.
NC-70041 SSL VPN Incorrect count for remote users and connected users.
NC-70030 WebInSnort Unable to show username using the custom block Page with the DPI engine.
NC-69993 IPsec All IPsec tunnels were down, dead gateway detection stopped, and gateway was missing after 30 minutes.
NC-69945 Web Awarrenhttp was down.
NC-69456 Firewall The firewall went into failsafe mode after restoring a backup.
NC-69335 IPsec Unable to delete an IPsec connection on the second page of the connection list.
NC-69314 IPS-DAQ-NSE Connection dropped due to TLS engine error.
NC-69303 IPsec IPsec connection configured with certificate doesn't connect.
NC-69286 VFP-Firewall ICMP times out when firewall acceleration is turned on.
NC-69111 Authentication Unable to export remote users from XG Series appliance.
NC-68979 Email Korean language is broken in the body of email that's encrypted with SPX.
NC-68839 SSL VPN All users aren't able to download the Sophos connect client from the user portal.
NC-68614 RED SD-RED UI doesn't show LTE support.
NC-68531 IPsec Showing an error when configuring remote access IPsec VPN.
NC-68461 IPsec Kernel panic issue.
NC-68324 SD-WAN routing FTP data connection issue with SD-WAN policy route.
NC-68277 RED RED site-to-site tunnel failover doesn't always work.
NC-68263 UI framework Unable to access the web admin console at times.
NC-68228 Configuration migration framework High disk utilization.
NC-68226 WebInSnort Google website not opening with DPI engine and application control.
NC-68194 Web Unable to reset web quota.
NC-68187 DDNS Unknown error while generating DynDNS IP address.
NC-68176 Email Not possible to use special characters in the password for an external email notification server.
NC-67997 Authentication csd service is in stopped status.
NC-67952 IPsec ESP sequence number mismatch.
NC-67803 Logging framework Live connection page wasn't loading.
NC-67761 CSC System start fails when a large number of users are included in a single firewall rule.
NC-67675 HA The firewall goes into failsafe mode if an interface is added in discover mode when HA is enabled.
NC-67606 Email Unable to update certificate in SMTP TLS settings using API.
NC-67340 RED All the RED 50s disconnect.
NC-66980 VFP-Firewall The firewall restarts because of kernel panic.
NC-66966 Web Unable to sign in to cPanel server with direct proxy.
NC-66194 Email High CPU utilization by mail scanner.
NC-66087 Authentication Active Directory group import failed in XG series appliance using 18.0.
NC-66068 Email DKIM signing not taking place for out-of-office, non-delivery reports, and bounced emails.
NC-65831 Email The same email is shown for a different filter in the mail log.
NC-65567 RED Split networks aren't reachable if settings are changed in transparent/split mode.
NC-65533 Email Misleading message in notification settings for external mail server.
NC-65200 Clientless access No key recognition after pressing the Windows key in clientless access.
NC-65198 Email False positive for CCL with the term "credit card" in the body.
NC-64973 CSC Split networks weren't reachable if the definition name contained special characters.
NC-63872 Email DKIM verification was applied to outbound emails, and emails were getting quarantined.
NC-63177 IPS-DAQ-NSE DPI causing issue with SSL 2.0 client hello.
NC-62880 Logging framework Sentry reported coredump in crformatter_free_data.
NC-62245 Authentication OTP settings can't add groups as Organizational Units (OUs).
NC-62169 Wireless Wireless APs aren't able to lease IP addresses in separate zone.
NC-62120 Interface management Couldn't restore backup to a different appliance.
NC-61909 API framework Mapping issue for i18n configuration and actual configuration name.
NC-60855 Web Unable to restore backup from CROS 10.6.6 MR5 to 17.5 MR12.
NC-54523 Email Yahoo email account configured in email client wasn't working with IMAPS scanning.
NC-54308 Email HSTS not offered on port 8094.
NC-50232 Wireless Built-in wireless stops broadcasting for LocalWiFi.
NAF-53 Firmware Mesh APX device restarts at times, stopping internet access.
NRF-517 RED SD-RED 60 loses VLAN configuration after RED pattern update to 3.0.006.
NRF-509 Firmware AP isn't registering through the RED 15w tunnel.

Version 18.5 MR1 Build 326

Fixed issues, listed by ID, description, explanation and Workaround.
Issue ID Component Description
NC-69584 Authentication, SSL VPN Missing remote user details on Monitor and Analyze > Current activities.
NC-76446 WAF SSL VPN doesn't work if it uses the port as WAF.
NC-73734 Date and time zone Incorrect time zone in reports because /etc/timezone isn't updated after restoring a backup configuration.
NC-73699 SSL VPN User configuration file isn't updated when user reconnects after an update to the permitted LAN networks.
NC-73665 Email Empty source/host field for email exceptions if you save and reopen the exception.
NC-73542 Email DKIM signing broken in Exim 4.94.
NC-72494 Firewall When multiple packets are sent from the same origin to the same destination at the same time, the first packets are dropped.
NC-72153 Firewall When FastPath is turned on, VLAN on bridge doesn't allow traffic.
NC-71922 Firewall XGS 6500 restarts automatically.
NC-71473 Firewall CLI shows the non-existent PortB4 in custom SNAT rule.
NC-71033 Firmware Management For VM, applied the mandatory firmware, but the device didn't restart.
NC-70461 Firewall rule IPv6 host group doesn't show an IPv6 address match when a network host is added to the host group.
NC-69558 Firewall Unexpected restart of the primary device in an active-passive cluster.
NC-69495 Firewall Frequent restart of an XG 210 device.
NC-66067 Firewall rule Firewall rule filter for Unused status doesn't work.
NC-58370 Firewall When users sign out, the event clears the firewall rule fields in conntrack for connections using network-based rules and packets drop.
NC-72076 HA HA synchronization failure resulted in empty directory.
NC-68595 HA Unable to establish HA using QuickHA mode.
NC-72311 Hotspot Hotspot user is signed in with the previous password of the day.
NC-69937 Hotspot Inconsistent hotspot voucher support for number of devices per voucher.
NC-71126 Interface management Unable to add an alias to DMZ and LAN interfaces. Shows time-out error.
NC-73379 Policy routing RTP stream forwarded to WAN instead of VPN.
NC-71333 Policy routing Incoming VPN traffic doesn't follow SD-WAN policy route.
NC-71151 QoS Unable to add or edit users when there's a traffic shaping policy with the name None.
NC-71996 SNMP SNMPD memory usage increases until it fails.
NC-73687 SSL VPN For remote access SSL VPN, push_reply packet doesn't include permitted LAN networks that have been updated.
NC-71198 Synchronized Application Control Web admin console stops responding because of Synchronized Security application.
NC-71443 WAF WAF license warning even when WAF subscription exists.
NRF-486 RED 3G/4G module not working on RED 20 (Verizon).
NRF-431 RED RED tunnel is up, but traffic isn't passing through SD-RED 60.
NAF-53 Firmware Mesh APX restarts, stopping internet access for users.

Version 18.5 GA Build 289

Resolved issues, listed by ID, description, explanation and Workaround.
Issue ID Component Description
NC-69344 IPS-DAQ-NSE Bandwidth loss for TLS connections in DPI mode.
NC-70718 Authentication Power cycle alert message required clarification.
NC-69951 Core Utilities XG Series firewall on Azure: Couldn't upgrade from 17.5 MR12 to 18.0 MR4 because of failure in applying virtual license.
NC-69302 Date and time zone Changing the NTP settings slowed XGS Series firewall.
NC-71796 Interface Management Backup restore from XG450 to XGS4500 went to failsafe mode.
NC-71610 IPS-DAQ Slow internet speed when FastPath is turned on.
NC-71551 NFP-Firewall XGS6500: LAN zone to user zone traffic dropped intermittently.
NC-71767 UI framework Browser tab header for the installation wizard showed XG Firewall.
NC-71419 UI framework Frequent UI messages that the firewall is restarting.
NRF-445 Firmware RED unable to connect to XG Firewall when an invalid FQDN is entered as the UTM hostname.
NRF-447 RED RED 20 devices were unable to connect to XG Firewall.
NRF-429 RED Slow speed through SD-RED 60.
NRF-486 RED 3G/4G module not working on RED 20 (Verizon).
NRF-431 RED SD-RED 60: Tunnel is up, but traffic doesn't flow.
NRF-53 Firmware Mesh APX reboots randomly causing internet outage.

Known issues

To see the known issues for the firewall, go to the Known issues list.

Set Choose your product to Sophos Firewall. Alternatively, enter a search term.

Upgrading firmware and restoring backups

Upgrading firmware

The upgrade details are as follows:

  • Form factors:
    • 18.5 MR5 to MR1 (excluding MR1-1): All form factors can upgrade to these versions.
    • 18.5 MR1-1: Only some XGS Series firewalls can upgrade to this version.
    • 18.5 GA: XG Series firewalls can't upgrade to this version.
  • FIPS: Versions 18.5 MR2 to MR5 are FIPS-compliant.

Warning We strongly recommend that you migrate only to the approved versions listed in the following table. If you try to migrate to other versions, Sophos Firewall shows an alert asking you to confirm the migration before it restarts. If you confirm the migration, Sophos Firewall restarts with the factory configuration, and you lose your current configuration.

Upgrading firmware
Upgrade from Upgrade to 18.5
MR5 Build 509
(all form factors)
MR4 Build 418
(all form factors)
MR3 Build 408
(all form factors)
MR2 Build 380
(all form factors)
MR1-1 Build 365
(some XGS Series firewalls)*
MR1 Build 326
(all form factors)
GA Build 289
(Only XGS Series)
GA Build 264
(Only XGS Series)
18.5 MR4 Build 418
18.5 MR3 Build 408
18.5 MR2 Build 380
18.5 MR1-1 Build 365
18.5 MR1 Build 326
18.5 GA Build 289
18.5 GA Build 264
18.0 MR6 Build 655
18.0 MR5
18.0 MR4
18.0 MR3
17.5 MR17
17.5 MR16
17.5 MR15
17.5 MR14

* You can only migrate some XGS Series firewalls to 18.5 MR1-1. For details of the supported firewalls, see Supported platforms.

You can downgrade only to compatible versions.

  • Sophos Central: You can schedule firmware upgrades from Sophos Central for firewalls that are already using the following versions:
    • 18.5.x
    • 18.0 MR3 and later
  • Rollback: You can roll back to the previous version if you want. The configuration won't change.
  • Downgrade: You can downgrade from 18.5.x to 18.0.x. However, you can't downgrade from 18.5.x to 17.5 or earlier firmware versions. The web admin console will show an alert. All 18.5.x and 18.0.x versions use the Grub boot loader. The changed bootloader can't recognize 17.x firmware. However, you can install the hardware ISO of 17.5 or earlier if you want and restore the downgraded firmware's backup.

Security Heartbeat for upgrades to 18.5 MR2 and later

An upgrade to 18.5 MR2 and later versions refreshes the firewall certificate used by endpoints to send a heartbeat to the firewall. Endpoints must download the refreshed certificate from Sophos Central after the firewall is upgraded to one of these versions.

Make sure the endpoints have network connectivity. They can then fetch the new certificate from Sophos Central. If the endpoints are blocked from resolving sophos.com through the DNS to download the new certificate, the heartbeat will fail. Example: If you've selected "Block clients with no heartbeat" in the firewall rule, it prevents endpoints from connecting to (internal or external) DNS servers for resolution. For details, see Security Heartbeat connection issue with 18.5 MR2.

Restoring backups

To take a backup and restore the configuration between XG Series and XGS Series appliances, see Backup-restore compatibility check.

You can restore backups as follows:

Supported backups from 17.5 to 18.0
Backup from Restore to 18.5*
MR5 Build 509 MR4 Build 418 MR3 Build 408 MR2 Build 380 MR1-1 and MR1** GA Build 289 GA Build 264
18.5 MR4
18.5 MR3
18.5 MR2
18.5 MR1 and MR1-1
18.5 GA Build 289
18.5 GA Build 264
18.0 MR6
18.0 MR5
18.0 MR4
18.0 MR3
18.0 MR2
18.0 MR1
18.0 GA
17.5 MR17
17.5 MR16
17.5 MR15
17.5 MR14 and earlier
17.1 and earlier

* You can restore backups with or without FIPS turned on to a compatible Sophos Firewall version. See details.

** You can restore a backup from 18.5 MR1 to 18.5 MR1-1 for some XGS series firewalls. For details of the supported firewalls, see Supported platforms.

Supported platforms

Versions 18.5 MR5 to MR1

Sophos Firewall OS versions 18.5 MR5 to MR1 are available on all form factors as follows:

  • XGS Series firewalls
  • XG Series firewalls
  • SG Series firewalls
  • Virtual and software appliances
  • Cloud platforms

Version 18.5 MR1-1

Sophos Firewall OS 18.5 MR1-1 is only available on the following XGS Series firewalls:

  • XGS 4300, XGS 4500, XGS 5500, and XGS 6500

Version 18.5 GA

18.5 GA is only available on the XGS Series hardware deployments.

For more information about the supported firmware versions, licenses, and migration, see Sophos Firewall: Licensing guide.

Minimum RAM

18.5 and later versions require a minimum of 4 GB RAM. So, you can't upgrade the following models to 18.5 and later:

  • XG 85, XG 85w, XG 105, and XG 105w
  • SG 105, SG 105w

Supported firmware versions

  • Wi-Fi firmware 11.0.021 and earlier: 18.5.x versions support this Wi-Fi version.
  • RED firmware 3.0.009 and earlier: 18.5.4 and later versions support this RED version.

Support

You can find technical support for Sophos products in the following ways:

  • Visit the Sophos Community and search for other users who are experiencing the same problem.
  • Visit Sophos Support.
  • Find how-to, configuration, and troubleshooting videos in Sophos Techvids.

Legal notices

Copyright © 2022 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

Sophos Firewall release notes (2024)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Duane Harber

Last Updated:

Views: 5649

Rating: 4 / 5 (51 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Duane Harber

Birthday: 1999-10-17

Address: Apt. 404 9899 Magnolia Roads, Port Royceville, ID 78186

Phone: +186911129794335

Job: Human Hospitality Planner

Hobby: Listening to music, Orienteering, Knapping, Dance, Mountain biking, Fishing, Pottery

Introduction: My name is Duane Harber, I am a modern, clever, handsome, fair, agreeable, inexpensive, beautiful person who loves writing and wants to share my knowledge and understanding with you.