UTM Up2Date 9.602 Released

Today we've released UTM 9.602. The release will be rolled out in phases.

In phase 1 you can download the update package from our FTP server; in phase 2 we will distribute it via our Up2Date servers.

Up2Date Information


  • Maintenance Release


  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade

Issues Resolved

  • NUTM-10728 [Access & Identity] Race condition on configuration change of RED device
  • NUTM-9877 [Access & Identity] Configurable RADIUS timeout for L2TP over IPsec
  • NUTM-10190 [Basesystem] CVE-2018-15473: OpenSSH username enumeration
  • NUTM-10362 [Email] MIME type detection doesn't work as expected - header Content-Type always considered
  • NUTM-10480 [Email] Mail Based XSS in Sophos UTM 9
  • NUTM-10484 [Email] POP3 Proxy stops working sometimes
  • NUTM-10545 [Email] Update SPX placeholder description
  • NUTM-10521 [Logging] /tmp partition getting full when using livelog
  • NUTM-10291 [Network] DNS Host object not updated/unresolved
  • NUTM-10460 [Network] GeoIP dropping traffic from allowed region
  • NUTM-10537 [Network] Additional IP address on a bridge interface exist in back-end even after deleting it
  • NUTM-10536 [RED] Wifi traffic on the internal RED15w AP is always routed through the RED tunnel
  • NUTM-10594 [RED] RED50 disconnects randomly
  • NUTM-10595 [Sandstorm] Sandbox Activity Tab not accessible due to license error
  • NUTM-10852 [Sandstorm] Sandboxd complaining on missing column in database/sqlite
  • NUTM-10626 [WAF] Let's Encrypt certificate renewal fails because of failing terms of service check
  • NUTM-10644 [WAF] mod_session_cookie does not respect expiry time (CVE-2018-17199)
  • NUTM-10661 [WAF] SSL redirect broken for wildcard certificates
  • NUTM-10322 [Web] Proxy crash with coredump on UTM 9.508
  • NUTM-10633 [Web] New web templates for content warn does not work in 9.6
  • NUTM-10657 [Web] httpproxy uses up all CPUs in peak hours, resulting in slow browsing
  • NUTM-10668 [Web] Quota relevant web page are accessible when using AD SSO
  • NUTM-10758 [Web] Application Control - Skiplist not working for destination IP
  • NUTM-10546 [Wireless] Updating to 9.6 GA with REDw devices causes corrupt payload and AP becomes inactive
  • Let's Encrypt renewal cronjob still checking every minute?

    from /etc/crontab

    * * * * * dehydrated /var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl  > /dev/null

  • I updated night before last and it seems to have bricked my firewall. I'm not sure if I'm on 602 or 601 because I can no longer log in to my box. I also cannot ping outside of my network. The error I am receiving when logging in is "Can't use string ("0") as an ARRAY ref while "strict refs" in use at /core/modules/core_menu.pm line 41, line 1."

  • FWIW this firmware has the same bug as the previous version -- where a RED15w, after the upgrade, drops the wifi side -- with the same MD5 mismatch error, driving CPU usage up.  The fix is the same as before, delete the AP, then re-add it.  Could be a pain in larger installations.

  • The latest update on the Sophos FTP server (ftp.astaro.com/.../) is a few days old:

    u2d-sys-9.601005-602003.tgz.gpg. Where can we find the UTM Up2Date 9.602?

  • @Dirk L: you found it. It's exactly the file.

  • Does this firmware include a fix for the issue related in this Sophos Community Forum thread? community.sophos.com/products/unified-threat-management/f/remote-ethernet-device-red/111304/utm-9-601---red-issues

  • Looks like it's hit phase 2 - all my UTMs are now already reporting it as being available; in fact they all reported in with this very quickly. This is quite unusual as I've got several different models and geographies.

  • How do you configure this? NUTM-9877 [Access & Identity] Configurable RADIUS timeout for L2TP over IPsec - where is the setting to change this?

  • Finally the problems with the RED50 are resolved! It was about time for this update, thanks.

  • @Timo Gebhard: Hi Timo. Please post the link to the issue entry showing exactly which problem has been solved. Regards, Janbo

  • Since this update, when searching the firewall log, the returned results are just like the live log. Full log entries are NOT being returned. The results even have the salmon colored background.

  • We had the problem that the RED50 connection kept getting lost with the message

    red2ctl_11679_: Overflow happened on reds1:0

    red2ctl_11679_: Missing keepalive from reds1:0, disabling peer

    After the update, all the RED50s ran without connection drops.

  • We have a problem after the 9.602 update concerning the automatic firewall rules applied by NAT in association with Uplink Interfaces load balancing. After the update, port forwarding rules are ignored and connections are blocked. We had to apply firewall rules allowing any-->service-->internal host in addition to the automatically applied any-->service-->uplink primary addresses. Is this wanted behaviour?