Today we've released UTM 9.508. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.
As part of UTM 9.508, the wireless firmware is updated to 11.0.003.
Thanks for WIFI update :-)
The soft release is available for download from the below FTP link:
Exchange 2019 will probably be released by the end of the year if there is ever an update to the waf for Exchange 2016 before we eventually migrated to 2019 :D
Will all the s/mime certificates for email encryption automatically be regenerated?
If not- how to export a list with email encryption users and comments? And then how to import this list for automatically regenerate smime certificates?
Article community.sophos.com/.../131727 captured the information on how to deal with (optional) certificate regeneration.
The UTM 576 Bug is back :(
My first Sophos was plagued with problems, slow or non-existent loading of sites like the BBC, Google Maps or Reddit. It took months of emails, research and support tickets before we found the problem was an MTU setting.
The 9.4 series firmware introduced a bug where it would only allow whatever MTU your ISP sent. In many cases this was 576, however this caused the browsing problems described above.
I’ve been speaking with Sophos Support and they said this problem can be worked around in CLI or do a factory image of 9.5.
The first fix was to modify the backend via CLI to ignore the ISP MTU, this worked.
Once the WAN MTU was set to 1500 all the problems went away.
But I was advised re-imaging to 9.5 would fix the problem for good.
So yesterday I factory imaged 2 Sophos units to 9.5 and the bug was gone
Today I updated my test SG 135 to 9.508-10 and the bug has returned!
So now I have to refuse all future updates from the Factory ISO of 9.5, or presumably hack a workaround in CLI again?
What should I do?
Martin Murray I sent you a private message regarding your issue.
The issue you described may not be related to updating to 9.508. It could be due to re-imaging your UTM.
By default MTU auto discovery feature is enabled and if your ISP DHCP server broadcast a small MTU size you may run into the issue you described. Please see my message for further details on the issue,
"The issue you described may not be related to updating to 9.508. It could be due to re-imaging your UTM."
As I stated in my original comment:
"So yesterday I factory imaged 2 Sophos units to 9.5 and the bug was gone."
I was advised by Sophos Support that re-imaging using the ISO 9.5 was the best way to remove this bug.
They were right, re-imaging gets rid of this bug, I was very happy.
What made me very unhappy was updating from 9.502 to 9.508-10 re-introduced this bug.
What really upsets me is that this bug took me months to find as Sophos Support had no idea what was causing all my problems.
Until one clever person finally realised it was the MTU problem.
This was fixed in the 9.5 ISO, Sophos have now brought it back.
Please, for the sake of all our sanity, enable the MTU setting in the GUI!
Martin Murray Thanks for the feedback, we will look into adding a UI option for disabling auto_mtu_discovery feature.
Re-imaging your system enables auto_mtu_discovery feature which was previously disabled.
The question I have is, prior to re-imaging your UTM did you update to 9.508 and run into this issue or did you run into this after re-imaging your UTM and then updating to 9.508? What was the original reason for re-imaging your UTM to 9.5?
Researching the upgrade path from 9.506-2 to 9.508-10 to see what problems to expect and would love a fill in on the MTU issue described here. You can change the MTU setting in interfaces, so not sure what you are referring to. If there is an issue with MTU directly impacting web browsing then I could very well be suffering from the same issue.
I have noticed that our UTM performs better for browsing sites after a reboot, so much so that I scheduled a reboot to occur every night. Even had users compliment how fast the internet was when they were not aware that I had implemented the workaround. A single HTTP file download such as speed test will be fine, however browsing is sluggish and times out - gets worse over time. There is definitely an issue with an underlying service somewhere, and it has existed for a long time.
I will be remote upgrading our UTM so want to avoid having to reimage the system as much as possible.
Updated from 9.506 to 9.508, MTU auto discovery previously disabled on WAN interface. After applying up2date's, MTU auto discovery is still disabled on WAN interface.
TLDR -> Interface MTU settings retained after applying this update.
After update to UTM 9.508, AWS VPN tunnels failed.
After the update, I have site to site vpn connection issue. The vpn connection status is up, but i cant reach our amazon vpc server. I have tried to delete the connection and setup again. But still cant access.
No roll back issue, only restore from backed up AMI solve the issue.
This breaks AWS VPC. By all accounts it’s a known issue and sophos have a patch but not realeased yet. They really should have pulled the update. So angry.