Sophos UTM 9.501 on AWS Release Notes

We're excited to announce that we've just released Sophos UTM 9.501 on AWS. Along with all the great functionality introduced in Sophos UTM 9.5, we've added three new features specifically designed for our customers in AWS. The new features are the AWS Management Menu, S3 Polling, and Security Group Management.

AWS Management Menu

We've released a lot of features for customers using UTM in AWS, including our Outbound Gateway, Conversion Utility, and CloudFormation templates. To make UI navigation simpler, we've introduced a new menu where you can find all AWS specific features and get easy access to tools and documentation for using UTM in AWS. The new menu, called AWS Management, provides quick links to our GitHub repository, Chef recipes, AWS documentation, and menus for AWS specific features. Check out the new menu and you might learn about some things UTM can do in AWS that you didn't know about.

S3 Polling

In previous releases, Sophos UTM Auto Scaling used SNS to notify UTM Workers of configuration changes. The use of SNS created security concerns for some of our customers as they had to open up ports for SNS notifications. Now with Sophos UTM 9.501 on AWS, the UTM Workers poll S3 at frequent intervals to see if there are any configuration changes. If the UTM Workers have detected a configuration change, they will poll down the new configuration from S3 and apply any changes. Customers no longer need to open ports for SNS notifications, and our CloudFormation templates have been updated to remove SNS completely.

Security Group Management

Security Groups provide a basic layer of security by allowing access to EC2 instances based on IP addresses and ports. Many of our customers use Security Groups by only allowing specific ports access to their EC2 instances and then use UTM to inspect application traffic. However, other customers completely disable Security Groups and use UTM to control both port access and application inspection. To accommodate both use cases, we’ve introduced a new feature called Security Group Management. Security Group Management allows customers to choose if they would like UTM to overwrite Security Groups and control all ports/IP access to EC2 instances hosting UTM software or if they would like to control Security Groups directly from the AWS Management console. You’ll find the new feature under AWS Management > AWS Settings > Security Groups.

Bug Fixes

  • NUTM-6476 [AWS]    Signature version mismatch in different regions causes failing upload to S3
  • NUTM-7096 [AWS]    Provide AWS information via pattern up2date
  • NUTM-7239 [AWS]    Disable SSH login for root for all AWS Marketplace AMIs
  • NUTM-7894 [AWS]    Change "Crash Report" to read as "Error Report"
  • NUTM-7930 [AWS]    Interface type "Group" is not visible in Web admin
  • NUTM-6607 [AWS]    aws_config_managment is started too early by selfmon
  • NUTM-7080 [AWS]    Dashboard shows wrong status of OGW interfaces
  • NUTM-7578 [AWS]    Workers create duplicate syslog messages on syslog server
  • NUTM-8127 [AWS]    Link to CloudFormation console during cloudupdate is not working
  • NUTM-8425 [AWS]    ha_aws service does not start after reboot

Sophos UTM 9.501 also includes Bug fixes in the following general releases:

Known Issues

Sophos UTM 9.501 on AWS has three known issues that will be addressed in later releases:

  • Webserver Protection graphs may not display correct percentages
  • Conversion Utility for UTM 9.411 may not find the correct AMI
  • Dashboards may not show the correct firmware version; you can review Management > Up2Date > Overview menu to confirm the correct firmware version

You can update to UTM 9.501 by running up2date for UTM Stand Alone or by updating your CloudFormation stacks for UTM High Availability and Auto Scaling. Let us know what you think about our new release by posting to our user community forums.