The initial UTM 9.703 release was pulled back and replaced with a new build (9.703-3), where the code change for "NUTM-11173 [Basesystem] IPsec doesn't re-connect on DHCP interface after firmware upgrade" is reverted. More information and RCA can be found in the KBA at: https://community.sophos.com/kb/en-us/135383.
The new version of UTM 9.703 is available at our download server.
There are two update packages available:
Both update will be available via our Up2Date server later.
Hello, thank you for the update. I tried to update 3x from a working 9.702-001 to 9.703-2, and always had major problems after it. No access to the GUI of the UTM, no internet connection. As emails I received:
Middleware not running - restarted
System Uptime : 0 days 0 hours 3 minutes
System Load : 1.77
System Version : Sophos UTM 9.703-2
Please refer to the manual for detailed instructions.
9.703-2 without problems
I waited even a few hours if the UTM maybe needed some more time, to no avail. MD5-checksum was correct. Have now re-installed 9.702-001 and restored a backup-config, all ist working perfectly well again.
Killed my virtual Sophos UTM as well... 9.701 --> 9.703
Same situation as Markus, got the Webadmin running for 60 seconds thou...
Reinstalled 9.702 and restored from Backup :-(
Strange, I updated 9.702-001 to 9.703-2 and had no issues. I run UTM home license inside Proxmox, so virtual inside KVM.
Gui and internet both work.
Updated my software firewall updated from 9.701 --> 9.703 just fine this morning, about 5 hours ago. Reboot took a bit longer than expected but I can't say for sure. Everything seems to be running just fine though.
One observation however is that 'Management->Licensing->Active IP Addresses' currently shows 0 in use. I'm not sure if thats due to less than 24 hours since reboot or ???? but as I've actually been pushing the limit, I'm not complaining. More than likely however it's tracking just fine and the error is that it's not reporting it. Afraid I may breach and not know it.
10 April 2020
DO NOT INSTALL 9.703!!! DO NOT INSTALL 9.703!!! DO NOT INSTALL 9.703!!! DO NOT INSTALL 9.703!!!
I recommend that this version be withdrawn. See my post: community.sophos.com/.../434475
Cheers - Bob
Have installed 1 x SG210 and 1xUTM 220 both running ASG Software version, had no issues, been running for 12 hours, just to participate in this. Both from the looks beneath, I should have been carefull and not "lucky" ;)
I installed it on two SG 125s today and have not seen any problems yet.
Seems there is something seriously broken in 9.703.
I have to go down to MTU=1320 at several sites since we updated to that version there to reach resources outside the LAN.
This happens with SG210, SG230, SG135w, SG115w, SG105 and a software appliance as well.
Since the rest of the equipment in the networks didn't change, I suspect something is wrong with MSS and / or MTU handling.
I think it is time to publish either an emergeny patch or withdraw 9.703!
People are reporting problems since 5 days and no comment from Sophos, I don't believe it!
I updated a customer's SG135w last Thursday, and was facing very similar issues as Markus mentioned.
Update path was from 9.702001->9.703002.
Immediately after reboot the appliance was able to send few emails, e.g. about middleware not running, Web GUI was accessible, but responding slowly. After a few minutes it wasn't possible anymore to access the GUI, no ping response anymore, and all ethernet interfaces seemed to be flapping every few minutes, no internet access, because web protection proxy was also unreachable.
And the bad thing: since the device was responding only for a minute or 2 after reboot, we weren't able to export some logs, before we decided to enforce a clean re-install of the previous version.
The only way to get it back into operation was to reinstall 9.702001 from a DVD and to restore the latest backup we luckily had.
I installed the 9.703 release on my SG115 before I found this thread, and luckily I haven't had the problems reported here. However, I'm sure I would've rolled the dice anyways as I've been experiencing what I suspect is this bug:
NUTM-10269 [Wireless] SSID stops broadcasting
Since I've been working remotely lately this has been especially problematic. I probably have to reboot my access point once a day now, as the wireless just stops working at the most inopportune times (of course).
Unfortunately, 9.703 did not help this problem at all. With this new version installed, my wireless network still randomly stops broadcasting at least once a day requiring me to reboot the access point either by pulling the plug on the AP or doing an SSH to the SSG115 from my desktop and using "awetool".
I certainly hope this gets fixed soon.
Very interesting to read the updated Root Cause Analysis and refreshing to see a company own up to some miscommunication publicly. I am by no means bashing, but hope lessons learned are actually "learned". There were avoidable mistakes, but to err is human.
I'm presently running just fine on 9.703 with the note that I did get some continuous Uplink Monitoring alerts of a constant flap (I use the default monitor, not my own configured test). I disabled the alerting for now to cut down on emails but actual Internet traffic appears to be unaffected. I do use a DHCP WAN interface so I'm not sure if this is related.... but of note based on the RCA, I do >>not<< have any sort of VPN service enabled.
Hello Sophos, thank you again for the update. This time everything went smoothely and all seems to be well with the update from 9.702-001 to 9.703-3.
Thank you very much!
"NUTM-10269 [Wireless] SSID stops broadcasting" does not appear to be fixed. I'm still needing to reboot my AP15 on a daily basis to clear this up. Extremely frustrating. I've posted my details in the Wireless Security section of the forum on 4/23 but still have not gotten any responses.