Update 2 - September 18, 2015 @ 5:30pm UTC +0:
Some users have noticed that the ATP pattern does not automatically update if ATP is disabled - this is expected behavior. New patterns are only automatically updated for enabled services. By default, patterns are downloaded and installed every 15 minutes; if you want to force an update of the ATP pattern, you can do the following:
Note: the --nosys option is important, as it prevents system firmware from being downloaded or installed. If you aren't running the latest firmware, be sure to include it; otherwise your UTM will update and automatically restart itself.
If you experience any other issues with ATP or named (such as not being able to restart it correctly), please contact Support for assistance.
Update - September 17, 2015 @ 8:00pm UTC +0:
A new Advanced Threat Protection pattern has been released (version 9.10610) which drastically reduces the memory footprint of named. This should alleviate the majority of performance problems UTMs have been experiencing caused by this issue. UTMs with automatic pattern updates enabled should download and install the new pattern shortly.
To check which version of the ATP pattern is currently installed, please log in to the UTM's console as root and enter the following command:
utm:/root # rpm -qi u2d-aptp
Name        : u2d-aptp                     Relocations: (not relocatable)
Version     : 9                                 Vendor: Astaro GmbH & Co. KG
Release     : 10610                         Build Date: Thu 17 Sep 2015 12:09:33 PM PDT
Install Date: Thu 17 Sep 2015 12:50:11 PM PDT      Build Host: kar-patternbuild1
If after the ATP pattern version 9.10610 is installed you notice named's memory usage is still high, please enter /var/mdw/scripts/named restart to restart the named service, which should reset its memory footprint back to normal.
If you continue to experience issues after the pattern is installed and named is restarted, please contact Sophos Support for assistance.
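The version check described above, as an added example that is not part of the original Sophos article: it parses `rpm -qi u2d-aptp` output and compares the Version and Release fields with 9.10610. The function names and the sample text are constructed for illustration, and the comparison assumes that patterns released after 9.10610 keep the memory fix.

```shell
#!/bin/sh
# Added example: read the ATP pattern version out of `rpm -qi u2d-aptp` output
# and compare it with 9.10610, the pattern this article says fixes named.

FIXED_VERSION=9
FIXED_RELEASE=10610

# Constructed sample, laid out like the rpm -qi output quoted in the article.
SAMPLE_RPM_INFO='Name        : u2d-aptp                     Relocations: (not relocatable)
Version     : 9                                 Vendor: Astaro GmbH & Co. KG
Release     : 10610                         Build Date: Thu 17 Sep 2015 12:09:33 PM PDT'

# Print "VERSION.RELEASE" from rpm -qi text on stdin; fail if either is missing.
aptp_pattern_version() {
    awk '$1 == "Version" && $2 == ":" { v = $3 }
         $1 == "Release" && $2 == ":" { r = $3 }
         END { if (v == "" || r == "") exit 1; print v "." r }'
}

# Return 0 if $1 (VERSION.RELEASE) is 9.10610 or newer, 1 if older,
# 2 if it is not two dot-separated integers.
# Assumption: patterns released after 9.10610 keep the memory fix.
aptp_pattern_is_fixed() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    ver=${1%%.*}; rel=${1#*.}
    case "$ver" in ''|*[!0-9]*) return 2 ;; esac
    case "$rel" in ''|*[!0-9]*) return 2 ;; esac
    [ "$ver" -gt "$FIXED_VERSION" ] && return 0
    [ "$ver" -eq "$FIXED_VERSION" ] && [ "$rel" -ge "$FIXED_RELEASE" ] && return 0
    return 1
}

# On a UTM console (package present), report the live state.
if command -v rpm >/dev/null 2>&1 && rpm -q u2d-aptp >/dev/null 2>&1; then
    installed=$(rpm -qi u2d-aptp | aptp_pattern_version) || installed=unknown
    aptp_pattern_is_fixed "$installed"
    case $? in
        0) echo "ATP pattern $installed: includes the named memory fix"
           # Resident memory of named in KB, to judge whether a restart is needed.
           echo "named RSS (KB): $(ps -o rss= -C named | head -n 1)" ;;
        1) echo "ATP pattern $installed: older than $FIXED_VERSION.$FIXED_RELEASE" ;;
        *) echo "could not read the ATP pattern version from rpm output" ;;
    esac
fi
```

On a machine without the u2d-aptp package the live section is skipped and only the functions are defined.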
September 17, 2015
The information provided by Sophos Labs for Advanced Threat Protection on the UTM has increased significantly in the past two weeks. This has influenced the named (DNS forwarder) service, resulting in the file containing the data for this service tripling in size.
While providing extra protection against potential ATP threats, this has resulted in high memory usage by the named service.
The extra named memory usage has resulted in a decrease in performance on UTMs with 2 GB of RAM (UTM 120r5, 220r5, SG 105/105w).
Applies to the following Sophos product(s) and version(s): Sophos UTM v9.313+
To mitigate this issue, one workaround is to disable Advanced Threat Protection. This can be done in the UTM WebAdmin by browsing to Network Protection > Advanced Threat Protection and clicking on the 'Enable/Disable' slider button.
This is only a temporary measure as Development & Sophos Labs are currently working on a permanent solution to this issue.