The issue may occur when multiple uplink interfaces belong to the group "Uplink Primary Addresses" and this group is used as the original destination in a NAT rule. After the UTM has been rebooted or upgraded, the affected NAT rules might stop working.
Applies to the following Sophos product(s) and version(s)
Sophos UTM 9.6
A fix has been scheduled for 9.7 GA. Until the firmware is released, please contact Sophos Support for an early fix.
If you experience similar symptoms, please validate by checking the packet-filter log for entries like the following.
2019:07:29-17:40:11 pbvsophos ulogd: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="123" initf="eth2" outitf="eth0" srcmac="aa:bb:cc:dd:ee:ff" dstmac="gg:hh:ii:jj:kk:ll:mm" srcip="a.b.c.d" dstip="w.x.y.z" proto="6" length="52" tos="0x02" prec="0x00" ttl="114" srcport="59826" dstport="25" tcpflags="SYN"
If you observe similar entries in the packet-filter log file, please follow the workaround below.
This issue can be resolved by manually disabling and re-enabling the affected NAT rules in the Web GUI.
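To make the log check above repeatable after a reboot or upgrade, the following added example (not Sophos code) parses packet-filter lines in the format shown and counts drops per inbound interface, destination address, protocol, port and fwrule, optionally limited to the uplink primary addresses. The sample lines, the host name utm-example, the addresses and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (abbreviated fields, documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
2019:07:29-17:40:11 utm-example ulogd: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="123" initf="eth2" outitf="eth0" srcip="198.51.100.7" dstip="203.0.113.10" proto="6" srcport="59826" dstport="25" tcpflags="SYN"
2019:07:29-17:40:14 utm-example ulogd: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="123" initf="eth2" outitf="eth0" srcip="198.51.100.7" dstip="203.0.113.10" proto="6" srcport="59826" dstport="25" tcpflags="SYN"
2019:07:29-17:41:02 utm-example ulogd: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="123" initf="eth3" outitf="eth0" srcip="198.51.100.9" dstip="203.0.113.20" proto="6" srcport="40112" dstport="443" tcpflags="SYN"
2019:07:29-17:41:05 utm-example ulogd: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="5" initf="eth1" outitf="eth0" srcip="192.0.2.15" dstip="198.51.100.80" proto="6" srcport="51000" dstport="443"
2019:07:29-17:41:09 utm-example otherdaemon[1234]: constructed line from another subsystem
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one packet-filter line, or None."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("sub") != "packetfilter":
        return None
    fields["time"] = line.split(" ", 1)[0]
    return fields


def summarize_drops(text, dstips=None):
    """Count drops per (initf, dstip, proto, dstport, fwrule).

    dstips: optional set of uplink primary addresses to restrict the report to.
    """
    counts = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if not f or f.get("action") != "drop":
            continue
        if dstips and f.get("dstip") not in dstips:
            continue
        # Packets without ports (e.g. ICMP) get "-" instead of failing.
        key = tuple(f.get(k, "-") for k in ("initf", "dstip", "proto", "dstport", "fwrule"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (initf, dstip, proto, dstport, fwrule), n in summarize_drops(SAMPLE_LOG).most_common():
        print(f"{n:4d} drops  in={initf} dst={dstip} proto={proto} dport={dstport} fwrule={fwrule}")
```

Destinations and ports in the output that match the original destination and service of a NAT rule using the group are the rules to disable and re-enable.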
This article will be updated if there is a change in the release plan.