UTM Up2Date 9.701 Released

Today we've released UTM 9.701. The release will be rolled out in phases.

In phase 1 you can download the update package from our download server, in phase 2 we will spread it via our Up2Date servers.

Up2Date Information


  • Maintenance Release


  • System will be rebooted
  • Configuration will be upgraded
  • Connected APs will perform firmware upgrade
  • Connected REDs will perform firmware upgrade

Issues Resolved

  • NUTM-11142 [AWS] Unable to create VPC tunnel to AWS GovCloud
  • NUTM-10024 [Basesystem] Unexpected reboots of both HA nodes
  • NUTM-10625 [Basesystem] IPs will be counted under license usage even they are not really active
  • NUTM-10893 [Basesystem] UTM does not process traffic after reboot
  • NUTM-11065 [Basesystem] iptables-restore: line 10 failed: ICMP Rule disappears sporadically
  • NUTM-11234 [Basesystem] NTP vulnerabilitiy (CVE-2018-12327)
  • NUTM-11121 [Configuration Management] Confd move_object() is broken
  • NUTM-10051 [Email] DLP Custom expression does not match if message text starts with a '<'
  • NUTM-11229 [Email] Patch Exim (CVE-2019-15846)
  • NUTM-10019 [Network] Unexpected UDP drops (UDP / 4742)
  • NUTM-10519 [Network] BGP neighborship not coming up
  • NUTM-10963 [Network] NAT rules stopped working after update
  • NUTM-11005 [Network] IP renewal doesn't work for one interface if multiple dynamic uplinks exist
  • NUTM-11175 [Network] IPS exception does not work for SID 49666 for inbound WAF traffic
  • NUTM-11208 [Network] Optimize route updates
  • NUTM-11003 [UI Framework] Portal login failed to find user object of Active Directory user
  • NUTM-11030 [UI Framework] Webadmin mass enable/disable/delete user does not work
  • NUTM-11053 [UI Framework] Alert "Do you want to wait xx more seconds to finish the request?" does not disappear if request is done.
  • NUTM-11214 [UI Framework] Conform to Apple's new certificate requirements (webadmin)
  • NUTM-10960 [Web] Proxy crash with coredump on UTM 9.602
  • NUTM-11034 [Web] Method change on UTM warn page in 9.6 cause warning in Firefox
  • NUTM-11102 [Web] SafeSearch not working as expected
  • NUTM-11345 [Web] Regenerated Signing CA using 1024bit key, causing iOS 13 trust issues
  • NUTM-11422 [Web] Error while saving any web filter profile after upgrade to 9.7
  • NUTM-10834 [Wireless] UTM config changelog updates when reviewing wireless network settings
  • NUTM-11122 [Wireless] QR code missing from hotspot voucher when custom hostname is longer than 24 characters
  • NUTM-11150 [Wireless] APs became inactive after upgrade from UTM 9.603 to 9.604
  • Already installed and rollin' :-)

    Thanks for NUTM-11053 especially :-)

  • Yesterday, I had a planned update on two SG 125 from 9.700-4 to 9.700-5 to 9.701-6. Both apparently lost the update to 9.701-6 and it was only updated to 9.700-5.

  •  That's correct behavior, even if it created some additional work in your case. The system is syncing the update file list with the update server and since the 9.7 MR1 ist not yet there (it's in soft-release), the update get's purged from the system. This is the "recovery method" to remove not needed or faulty updates which could not be installed. In your case it removed a valid update because the up2date server is not yet aware of it. Please upload it again and install it. If your system takes too long to unpack/install the update, you can temporarily set the update check to manual.

  • Oh, okay. I did not know that. Thanks for the feedback.

  • NUTM-11345: It seems it's not working for me, i've updated the Proxy CA certificate, which is 2048 bit and imported it to IOS13, but the HTTPS websites can't be displayed.

  • I upgraded the firmware yesterday to 9.701-6 on our SG210 and this morning had a call from the office as no O365 e-mails had arrived for anyone and when I tried to login remotely I got in ok then the connection dropped for 10 seconds then connected then dropped again etc.

    I rebooted the UTM and everyone’s e-mails came through and the connection has been ok since.

    Not had any issues with this UTM every before.

  • After the update, I got the error "Failed to get SAVI instance" on almost every website.

    It worked, after I changed the antivirus scan settings to Avira single scan engine.

    Not sure if this is related to the Update...

  • Does NUTM-10625 mean that if we have 50+ IP addresses created, we are in violation of the license? At any given time, I usually have 11 active addresses, but I have 57 objects defined with static IPs.

  •  IP addresses are counted only if traffic is seen originating from it.

  • That's a relief. The wording of the release notes imply otherwise:

    **NUTM-10625 [Basesystem] IPs will be counted under license usage even they are not really active**