Today we've started to release UTM 9.700. The release will be rolled out in phases.
Certificate Chain support for WebAdmin and UserPortal
Full certificate chains that are uploaded to UTM for use with WebAdmin and/or UserPortal will no longer be split but will be delivered in full when accessing WebAdmin and/or UserPortal, and web browsers will no longer display warnings for these certificates.
Certificate Chain Support for WebProxy
When using an intermediate certificate to sign HTTPS decryption certificates in WebProxy, WebProxy will now build and return a full certificate chain for the generated certificate, so that browsers that do not explicitly trust the intermediate certificate no longer show a warning. The root certificate has to be available within the verification CAs.
New RED Site 2 Site Protocol
RED Site 2 Site connections in UTM will now use the same protocol used within XG Firewall for RED Site 2 Site connections. This removes the need to specify legacy RED site 2 site connections in XG Firewall and provides enhancements to the RED site 2 site implementation in UTM.
Retirement of UTM Endpoint Management
As announced with UTM 9.6, UTM endpoint management will be end of life by the end of this year. UTM 9.7 will no longer include the option for Endpoint Management for the UTM Managed Endpoints. Sophos SEC integration is still part of UTM 9.7.
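The certificate chain changes above can be reproduced outside the UTM with the openssl command line. This is an added example, not Sophos code: it builds a constructed root CA, signing CA and leaf certificate (all names and file names are made up, and openssl is assumed to be installed) and shows that a client trusting only the root rejects the leaf on its own but accepts it once the intermediate is delivered with it.

```shell
#!/bin/sh
# Constructed PKI: root CA -> signing (intermediate) CA -> leaf certificate.
# All names and file paths are made up for this example.
make_constructed_pki() (
    cd "$1" || exit 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    issue() {  # issue <name> <CN> <issuer name> <extension section>
        openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
            -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
        openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
            -CAcreateserial -days 2 -extfile pki.cnf -extensions "$4" \
            -out "$1.crt" 2>/dev/null
    }
    # Self-signed root: the only certificate the client trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config pki.cnf \
        -extensions v3_ca -subj "/CN=Constructed Root CA" \
        -keyout root.key -out root.crt 2>/dev/null &&
    issue int "Constructed Signing CA" root v3_ca &&
    issue leaf "www.example.test" int v3_leaf
)

# Server sends only the leaf; the client knows only the root.
verify_leaf_only() { openssl verify -CAfile "$1/root.crt" "$1/leaf.crt"; }

# Server sends leaf plus intermediate (the full chain). The intermediate is
# untrusted input and is accepted only because it chains to the trusted root.
verify_full_chain() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/int.crt" "$1/leaf.crt"
}

demo_dir=$(mktemp -d) && make_constructed_pki "$demo_dir"
verify_leaf_only "$demo_dir" || echo "leaf alone: chain cannot be built"
verify_full_chain "$demo_dir" && echo "leaf + intermediate: verified"
```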
While the release is in soft-release phase, you can find the Up2Date package at:
If you are running 9.7 EAP1 (9.670-4), please use the following packages:
If you are already running 9.7 GA (9.700-4), please use the following packages:
In versions 9.670-4 and 9.700-4, an issue has been discovered where RED Site-to-Site tunnels may not work after the update. This issue does not affect deployments using hardware RED devices. Fixed Up2Date packages have been released in the meantime. Please also see the related KB article.
What about the update from 9.700-4 to 9.700-5? We are running 9.700-4 at the moment...
The update from 9.700-4 to 9.700-5 will be available in the next few days.
Any plans to update Let's Encrypt to use ACME v2? As it stands, the Let's Encrypt integration is useless for people who have not already registered prior to the ACMEv1 cutoff because they won't be able to register. May as well disable the checkbox if not already registered.
fw letsencrypt: E Create account: REG_FAILED: "detail": "Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See community.letsencrypt.org/.../88430 for details.",
@jwalker55: I was told that v9.7 has ACMEv2 included. Did you check this out?
@jwalker55: I verified it; with 9.7 you can register again at Let's Encrypt.
Question, will this update solve the long standing issue of the UTMs failing PCI scans when utilizing hardware REDs?
seroal, thanks for responding and verifying! I have not installed 9.7 yet, but glad to know it is working again!
Is it odd that we haven't received notification to update to 9.700 given its initial release was the end of September? Or has it still not been fully pushed out? Still running 9.605-1.
James Roughley, same here. Still haven't seen 9.7 come in through Up2Date.
I think we are in Phase 2 - I have had it come through Up2Date on some of the firewalls we manage, but not all.
We have an ESXi 9.6 MR5 (9.605-1) appliance and were wondering if the download.astaro.com/.../u2d-sys-9.605001-700005.tgz.gpg is compatible for VMware ESXi appliance installation?
When will we come to Phase 3?
We have an SG 310 still at 9.605-1. Are the above updates in phase 2 or in phase 3? My UTM doesn't see these updates.
I have an HA SG135 where the slave died during the update. Where can I find the "9.700-5" ISO for my SUSE Sophos stick?
Hi, any news about IKEv2 in the next releases?