UTM Up2Date 9.605 Released

Today we've released UTM 9.605. The release will be rolled out in phases.

In phase 1 you can download the update package from our download server; in phase 2 we will distribute it via our Up2Date servers.

Up2Date Information


  • Maintenance Release


  • System will be rebooted
  • Connected APs will perform firmware upgrade
  • Connected REDs will perform firmware upgrade

Issues Resolved

  • NUTM-10885 [Basesystem] Fallback log flooded since update to 9.6
  • NUTM-10667 [Email] Emails are not being processed, have "Stale ID in DB" in debug log
  • NUTM-10870 [Email] UTM not rejecting emails with dot at the end of the local part address
  • NUTM-10809 [RED] Offline provisioned RED15 loses their config in case of UTM reboot
  • NUTM-10812 [RED] RED can't connect to UTM if it is configured in transparent/split mode and a DNS name as UTM hostname
  • NUTM-10903 [RED] Transparent/split: DNS does not work if the gateway and DNS server are different but in the same network
  • NUTM-10962 [RED] Fix for RED50 does not start up after firmware update for most scenarios
  • NUTM-10636 [Reporting] Executive report not accurate - missing SSL VPN sessions
  • NUTM-10877 [Sandstorm] Sandbox Activity in Webadmin does not show all activities since 9.6
  • NUTM-10822 [WAF] Privilege escalation from modules' scripts (CVE-2019-0211)
  • NUTM-10823 [WAF] URL normalization inconsistency (CVE-2019-0220)
  • NUTM-10886 [WAF] All HTTP requests are forwarded to HTTPS
  • NUTM-10978 [WAF] reverseproxy.log does not show requested domain
  • NUTM-10986 [WAF] HTML rewriting in large embedded CSS leaks memory
  • NUTM-10705 [WebAdmin] Potential User Portal session cookie hijacking
  • NUTM-10862 [WebAdmin] After updating to 9.6 read only admins cannot see advanced tabs
  • NUTM-10941 [WebAdmin] Webadmin not accessible when user prefetch is running
  • NUTM-10952 [WebAdmin] HTTPS pages sporadically no longer work with transparent proxy since 9.602
  • NUTM-10748 [Web] Proxy restarted httpproxy.DeferredExpire
  • NUTM-10792 [Web] Follow up: New Web Templates for content warn does not work in 9.6
  • NUTM-10802 [Web] HTTPS websites are not accessible through http proxy if you follow the BSI recommendation regarding TLS
  • NUTM-10816 [Web] Blockpage font rendered incorrectly in Firefox
  • NUTM-10876 [Web] Web Proxy blocks range requests since 9.6
  • NUTM-10895 [Web] Video from NEST CAM constantly loading
  • NUTM-10985 [Web] HTTP proxy is getting crashed with segfault and core dump
  • Unfortunately, with this update (or the previous 9.604; both were installed directly one after the other) there are problems with the RED50 again!

    The first post from the link provided a temporary workaround:


    It would be nice if this could finally be brought under control without our sites going offline again and again after updates!!

  • Does this Up2Date leave use_unified_firmware at 0?  Does it address the issue that was bricking some REDs?  Until there's more clarity, I don't recommend this to anyone.

  • Is this firmware update fixing the bricking issue with RED50? What does "for most scenarios" mean?

  • Apparently this has been pulled from the download server as of 31st of July. Sophos Support has urged me to install this update for a customer that has the "bricking RED50 issue" with 3 of their devices last week. Just can't download it via the provided link in this post.

  • @Christoph Müller: The download is still available, the link only shows the contents of the download server, you still must choose the right download on the bottom of the page: u2d-sys-9.604002-605001.tgz.gpg

  • Stuff has reappeared for me - weird issue. Especially since one of my customers and I had the same problem.

  • Just updated an SG115 on the weekend and ETH0 is missing now. I know how to fix it but it's sad that they always reimplement problems they already solved with updates in the past...

  • NUTM-10812 [RED] RED can't connect to UTM if it is configured in transparent/split mode and a DNS name as UTM hostname

    This bug has not been fixed yet... I have now installed the update and got this bug as a result... It then worked by going the roundabout way via the public IP address... but I would still like to have the UTM hostname working again.

  • Since this update our RED 15 is not connecting anymore to the UTM in the office.

    Looks like updating the UTM with a connected RED is very dangerous nowadays, too bad.

    I hope the Support does not need weeks like last time, we need the connection, it's not a game machine!

  • I have been working with Sophos for over two weeks. The Cloud Formation template update fails. Still have no resolution.

    It's unbelievable how little oversight goes into QA for these firmware updates. This marks the third major issue we have had updating UTM firmware.

  • Greetings,

    Could you please suggest the latest stable version?