Hi Everyone,
Today we've started to release UTM 9.700. The release will be rolled out in phases.
- In phase 1 you can download the update package from the download area.
- In phase 2 we will make it available via our Up2Date servers in several stages.
- In phase 3 we will make it available via our Up2Date servers to all remaining installations.
What's new in UTM 9.7?
- Support for new APX Access Points
In addition to the legacy AP series access points, UTM 9.7 brings support for the newer Wave 2 APX series access points which can now also be added and managed with UTM 9. This includes support for APX 120, APX 320, APX 530 and APX 740. -
Certificate Chain support for WebAdmin and UserPortal
Full certificate chains that are uploaded to UTM for use with WebAdmin and/or UserPortal will no longer be split but will be delivered in full when accessing WebAdmin and/or UserPortal and web browsers will no longer display warnings for these certificates. -
Certificate Chain Support for WebProxy
When using an intermediate certificate to sign HTTPS decryption certificates in WebProxy, WebProxy will now build and return a full certificate chain for the generated certificate to avoid browsers showing a warning when not explicitly trusting the intermediate certificate. The root certificate has to be available within the verification CAs. -
New RED Site 2 Site Protocol
RED Site 2 Site connections in UTM will now use the same protocol used within XG Firewall for RED Site 2 Site connections. This removes the need to specify legacy RED site 2 site connections in XG Firewall and provides enhancements to the RED site 2 site implementation in UTM. -
Retirement of UTM Endpoint Management
As announced with UTM 9.6, UTM endpoint management will be end of life by the end of this year. UTM 9.7 will no longer include the option for Endpoint Management for the UTM Managed Endpoints, Sophos SEC integration is still part of UTM 9.7.
Up2Date Information
9.6 MR5 (9.605-1) to 9.7 GA (9.700-5)
News
- Features Release
- .
- Support for new APX AccessPoints
- Certificate Chain support for WebAdmin and UserPortal
- Certificate Chain Support for WebProxy
- New RED Site 2 Site Protocol
- Retirement of UTM Endpoint Management
Remarks
- System will be rebooted
- Configuration will be upgraded
- Connected REDs will perform firmware upgrade
- Connected Wifi APs will perform firmware upgrade
Bugfixes
- NUTM-10804 [Access & Identity] strongSwan vulnerability fix (CVE-2010-2628, CVE-2018-17540)
- NUTM-10485 [Email] POP3 E-Mail blocked message won't be displayed properly in some MS Outlook versions
- NUTM-10745 [Email] Quarantine mail older than 14 days are not getting removed
- NUTM-10958 [Email] Quarantined SPX Mails which are released are still available on UTM
- NUTM-10192 [RED] Patch OpenSSL (CVE-2018-0732)
- NUTM-11141 [Sandstorm] Add support for Sandstorm's Frankfurt data centre
- NUTM-10454 [WAF] SAVI integration doesn't support scanning files larger than 2GB
- NUTM-10873 [WAF] Underscore in DNS-Hostname makes WAF unusable
- NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails
- NUTM-11202 [Web] Conform to Apple's new certificate requirements introduced in iOS13 and macOS10.15
9.7 EAP1 (9.670-4) to 9.7 GA (9.700-4)
News
- Features Release
- .
- Support for new APX AccessPoints
- Certificate Chain support for WebAdmin and UserPortal
- Certificate Chain Support for WebProxy
- New RED Site 2 Site Protocol
- Retirement of UTM Endpoint Management
Remarks
- System will be rebooted
- Configuration will be upgraded
Bugfixes
- NUTM-10485 [Email] POP3 E-Mail blocked message won't be displayed properly in some MS Outlook versions
- NUTM-11141 [Sandstorm] Add support for Sandstorm's Frankfurt data centre
- NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails
- NUTM-11202 [Web] Conform to Apple's new certificate requirements introduced in iOS13 and macOS10.15
9.7 GA (9.700-4) to 9.7 GA (9.700-5)
News
- GA Release
Remarks
- System will be rebooted
Bugfixes
- NUTM-11273 [RED] RED Site-2-Site inoperable after update from 9.6 to 9.7
Download
While the release is in soft-release phase, you can find the Up2Date package at:
- https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.605001-700005.tgz.gpg
- https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.605001-700005.tgz.gpg.md5
If you are running 9.7 EAP1 (9.670-4), please use the following packages:
- https://download.astaro.com/UTM/v9/beta/u2d-sys-9.670004-700004.tgz.gpg
- https://download.astaro.com/UTM/v9/beta/u2d-sys-9.670004-700004.tgz.gpg.md5
- https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.700004-700005.tgz.gpg
- https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.700004-700005.tgz.gpg.md5
If you are already running 9.7 GA (9.700-4), please use the following packages:
- https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.700004-700005.tgz.gpg
- https://download.astaro.com/UTM/v9/up2date/u2d-sys-9.700004-700005.tgz.gpg.md5
Known Issues
In the versions 9.670-4 and 9.700-4, an issue has been discovered where after the update RED Site-to-Site tunnels may not work. This issue does not affect deployments using hardware RED devices. Fixed Up2Date packages have been released in the meanwhile. Please also see the related KB article.