UTM Up2Date 9.703 Released

Important Notes

The initial UTM 9.703 release was pulled back and replaced with a new build (9.703-3), where the code change for "NUTM-11173 [Basesystem] IPsec doesn't re-connect on DHCP interface after firmware upgrade" is reverted. More information and RCA can be found in the KBA at: https://community.sophos.com/kb/en-us/135383.

The new version of UTM 9.703 is available at our download server.

There are two update packages available:

  • One for customers, who are still on UTM 9.702 (u2d-sys-9.702001-703003.tgz.gpg) and
  • One for customers, who have already updated to 9.703-2 (u2d-sys-9.703002-703003.tgz.gpg).

Both update will be available via our Up2Date server later.


Up2Date Information


  • Maintenance Release
  • Add Support for new SD-RED 20 and SD-RED 60 devices


  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Issues Resolved

  • NUTM-9381 [Access & Identity] WebAdmin user getting an error while browsing 'Sophos Transparent Authentication Status' tab
  • NUTM-11258 [Access & Identity] [SAA] Wrong version of SAA displayed in Windows with MSI installer
  • NUTM-11578 [Access & Identity] Patch strongSwan (CVE-2019-10155)
  • NUTM-11589 [Access & Identity] [SAA] Add TLS 1.2 support for Windows client
  • NUTM-11590 [Access & Identity] [SAA] Add TLS 1.2 support for macOS client
  • NUTM-11675 [Access & Identity] Patch PPTP and L2TP pppd (CVE-2020-8597)
  • NUTM-11109 [Basesystem] Status lights blinking green constantly on SG 1xx and XG 1xx series
  • NUTM-11255 [Basesystem] Fix "Internet IPv6" binding in case of multiple IPv6 uplinks
  • NUTM-11417 [Basesystem] SG115rev3 HA eth3 interface flapping after update to 9.7
  • NUTM-11645 [Basesystem] Patch libxml2 (CVE-2019-19956, CVE-2020-7595)
  • NUTM-11561 [Configuration Management] Unable to load certificate list in WebAdmin when large number of certificates present
  • NUTM-10803 [Email] S/MIME signed mails have an invalid signature if 3rd party CA is used
  • NUTM-11240 [Email] Recipient verification fails due to incomplete LDAP search query
  • NUTM-11662 [Email] Bad request for release mails out of the quarantine report after update to 9.7 MR1
  • NUTM-11485 [Kernel] Patch Linux Kernel (CVE-2019-18198)
  • NUTM-11288 [Localization] AWS Current Stack link is incorrect
  • NUTM-11081 [Network] Up-link balancing not clearing conntracks when interface goes down
  • NUTM-11218 [Network] ulogd restarting/core-dumps
  • NUTM-11614 [Network] Increase GARP buffer
  • NUTM-11676 [Network] Patch pppd (CVE-2020-8597)
  • NUTM-11573 [RED] RED interface doesn't obtain IP after UTM reboot
  • NUTM-11467 [RED_Firmware] RED15w WPA/WPA2 enterprise cannot connect
  • NUTM-11822 [RED_Firmware] RED15 firmware update might fail if flash has bad blocks
  • NUTM-11378 [Reporting] Top5 Malware won't be displayed in Executive Reports if those are sent as PDF
  • NUTM-11220 [Sandstorm] When opening Sandstorm activity which contains Korean characters for example, you get this error "cannot decode string with wide characters at encode.pm line 174"
  • NUTM-10202 [UI Framework] [SAA] Live user table doesn't scale with very long names
  • NUTM-11084 [UI Framework] Webadmin Information popup not visible
  • NUTM-11191 [UI Framework] Can't download certificate in WebAdmin when name contains apostrophe
  • NUTM-11584 [UI Framework] Replace FTP Up2date download link in WebAdmin with HTTPs
  • NUTM-11598 [UI Framework] Internal Server Error alert thrown with initial Webadmin request after installation
  • NUTM-11725 [UI Framework] Update prototype
  • NUTM-11130 [Web] Add configuration for savi_scan_timeout
  • NUTM-11346 [Web] Warn page proceed fails due to missing parameters
  • NUTM-10269 [Wireless] SSID stops broadcasting
  • NUTM-11581 [Wireless] User with "Wireless Protection Manager" rights is unable to change wireless settings if mesh is configured
  • Hello, thank you for the update. I tried to update 3x from a working 9.702-001 to 9.703-2, and always had major problems after it.  No access to the GUI of the UTM, no internet connection. As emails I received:


    Middleware not running - restarted


    System Uptime      : 0 days 0 hours 3 minutes

    System Load        : 1.77

    System Version     : Sophos UTM 9.703-2

    Please refer to the manual for detailed instructions.

    9.703-2 without problems


    I waited even a few hours if the UTM maybe needed some more time, to no avail. MD5-checksum was correct. Have now re-installed 9.702-001 and restored a backup-config, all ist working perfectly well again.

  • Killed my virtual Sophos UTM as well... 9.701 --> 9.703

    Same situation as Markus, got the Webadmin running for 60 seconds thou...

    Reinstalled 9.702 and restored from Backup :-(

  • Strange, I updated 9.702-001 to 9.703-2 and had no issues. I run UTM home license inside Proxmox, so virtual inside KVM.

    Gui and internet both work.

  • Updated my software firewall updated from 9.701 --> 9.703 just fine this morning, about 5 hours ago. Reboot took a bit longer than expected but I can't say for sure. Everything seems to be running just fine though.

    One observation however is that 'Management->Licensing->Active IP Addresses' currently shows 0 in use. I'm not sure if thats due to less than 24 hours since reboot or ???? but as I've actually been pushing the limit, I'm not complaining. More than likely however it's tracking just fine and the error is that it's not reporting it. Afraid I may breach and not know it.

  • 10 April 2020

            DO NOT INSTALL 9.703!!!                       DO NOT INSTALL 9.703!!!                       DO NOT INSTALL 9.703!!!                       DO NOT INSTALL 9.703!!!

    I recommend that this version be withdrawn.  See my post: community.sophos.com/.../434475

    Cheers - Bob

  • Have installed 1 x SG210 and 1xUTM 220 both running ASG Software version, had no issues, been running for 12 hours, just to participate in this. Both from the looks beneath, I should have been carefull and not "lucky" ;)

  • I installed it on two SG 125s today and have not seen any problems yet.

  • Seems there is something seriously broken in 9.703.

    I have to go down to MTU=1320 at several sites since we updated to that version there to reach resources outside the LAN.

    This happens with SG210, SG230, SG135w, SG115w, SG105 and a software appliance as well.

    Since the rest of the equipment in the networks didn't  change, I suspect something is wrong with MSS and / or MTU handling.

    I think it is time to publish either an emergeny patch or withdraw 9.703!

  • People are reporting problems since 5 days and no comment from Sophos, I don't believe it!

  • I updated a customer's  SG135w last Thursday, and was facing very similar issues as Markus mentioned.

    Update path was from 9.702001->9.703002.

    Immediately after reboot the appliance was able to send few emails, e.g. about middleware not running, Web GUI was accessible, but responding slowly. After a few minutes it wasn't possible anymore to access the GUI, no ping response anymore, and all ethernet interfaces seemed to be flapping every few minutes, no internet access, because web protection proxy was also unreachable.

    And the bad thing: since the device was responding only for a minute or 2 after reboot, we weren't able to export some logs, before we decided to enforce a clean re-install of the previous version.

    The only way to get it back into operation was to reinstall 9.702001 from a DVD and to restore the latest backup we luckily had.

  • I installed the 9.703 release on my SG115 before I found this thread, and luckily I haven't had the problems reported here. However, I'm sure I would've rolled the dice anyways as I've been experiencing what I suspect is this bug:

    NUTM-10269 [Wireless] SSID stops broadcasting

    Since I've been working remotely lately this has been especially problematic. I probably have to reboot my access point once a day now, as the wireless just stops working at the most inopportune times (of course).

    Unfortunately, 9.703 did not help this problem at all. With this new version installed, my wireless network still randomly stops broadcasting at least once a day requiring me to reboot the access point either by pulling the plug on the AP or doing an SSH to the SSG115 from my desktop and using "awetool".

    I certainly hope this gets fixed soon.

  • Very interesting to read the updated Root Cause Analysis and refreshing to see a company own up to some miscommunication publicly. I am by no means bashing, but hope lessons learned are actually "learned". There were avoidable mistakes, but to err is human.

    I'm presently running just fine on 9.703 with the note that I did get some continuous Uplink Monitoring alerts of a constant flap (I use the default monitor, not my own configured test). I disabled the alerting for now to cut down on emails but actual Internet traffic appears to be unaffected. I do use a DHCP WAN interface so I'm not sure if this is related.... but of note based on the RCA, I do >>not<< have any sort of VPN service enabled.

  • Hello Sophos, thank you again for the update. This time everything went smoothely and all seems to be well with the update from 9.702-001 to 9.703-3.

  • "NUTM-10269 [Wireless] SSID stops broadcasting" does not appear to be fixed. I'm still needing to reboot my AP15 on a daily basis to clear this up. Extremely frustrating. I've posted my details in the Wireless Security section of the forum on 4/23 but still have not gotten any responses.