Related
Recommended
AlanT

Hi Everyone, 

We've just released 9.402 to the Up2date servers. This is a full GA release, meaning that all firewall running will be offered the automatic update.

New Features in 9.4

Sandboxing for SMTP and Web

  • Most next-generation sandboxing solutions designed to identify unknown malware are too complex and expensive for most businesses like yours to even consider. That’s why we’ve developed Sophos Sandstorm, a new subscription option that gives you an advanced malware defence solution that’s effective and affordable. Sandstorm is a cloud-based sandbox solution that provides targeted attack protection, visibility and analysis that rises above the competition.
  • Sandboxing allows to enforce rules about sending items the users download to a sandboxing service before they get access to them so that the organization has protection against emerging threats that are not recognized by malware or URL scanning. Furthermore, it is possible to enforce rules about sending suspicious email attachments to a sandboxing service before the message containing them gets delivered so that the organization has protection against emerging threats that are not recognized by malware scanning

Clientless SSO (STAS) 

  • Sophos Transparent Authentication Suite (STAS) provides reliable transparent SSO authentication for network users, without requiring a client on the endpoint. STAS employs an agent on the Microsoft Active Directory Server that monitors and stores authentication activity and exchanges authentication information with the Sophos UTM, making user-based policy rules and enforcement easy.

IPv6 Support for SSL VPN

  • IPv6 SSL VPN Support adds much requested support for IPv6 VPN connectivity with Sophos UTM.

Support for new RED15w

  • RED 15w adds integrated wireless to the new RED 15 with a single radio supporting 802.11n 2×2:2 MIMO.  Expected availability is March 2016.

Support for new 4x10G FP 1U network module

  • 4x10G SFP+ Flexi-Port Module for the 1U SG Series models brings a whole new level of flexible connectivity and performance with four port support for a variety of optical or electrical transceivers. Expected availability is March 2016.

WAF persistent session cookies

  • WAF Persistent Session Cookies improve the user experience when interacting with business applications protected by the Sophos UTM, reducing repeated sign-in prompts.

Remarks

  • System will be rebooted
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Bugfixes 

  • NUTM-1955 [Access & Identity] 35658: VLAN Interface on top of a bridge disappears from Slave after Reboot
  • NUTM-1958 [Access & Identity] 34242: Communication error with Amazon AWS server
  • NUTM-2129 [Access & Identity] 36050: File Copy from network share over RED50 does not work in one direction
  • NUTM-2234 [Access & Identity] 35592: Backup from 220 to 230 caused eth3 to exist two times
  • NUTM-2449 [Access & Identity] 36228: RED Server sends more peers as peers are configured
  • NUTM-2706 [Access & Identity] Still coredumps from argos after installing the new fix from mantis 35353
  • NUTM-2842 [Access & Identity] 35423: irqd: Support more than 32 cpus
  • NUTM-2844 [Access & Identity] 36028: 82546GB Gigabit Ethernet Controller: Reset adapter / Detected Tx Unit Hang
  • NUTM-2950 [Access & Identity] RED15: fix dnsmasq for transparent/split
  • NUTM-3049 [Access & Identity] 36382: reds-interface does not get IP after re-activating RED device
  • NUTM-3083 [Access & Identity] IPv6 address in log line shortened
  • NUTM-3190 [Access & Identity] IPsec site-to-site: Limit of listening interfaces of 300
  • NUTM-3252 [Access & Identity] High disk I/O during pattern update on smaller UTM appliances
  • NUTM-3522 [Access & Identity] RED15 with static uplink and dns name as utm hostname doesn't work correctly
  • NUTM-3661 [Access & Identity] After deleting red15w mdw crashes
  • NUTM-1371 [Basesystem] 35523: adbs-maintenance.plx - ERROR: canceling autovacuum task - waits for ShareUpdateExclusiveLock/AccessExclusiveLock
  • NUTM-1798 [Basesystem] 35862: Confd doesn't check for valid local time which can lead to dashboard error
  • NUTM-2804 [Basesystem] 36226: Network Utillization on HW LCD doesn't match iftop and webadmin values
  • NUTM-3325 [Email] Bug on Malware scanning UI Text
  • NUTM-3558 [Email] Sandbox result shows up in messages
  • NUTM-3575 [Email] Detailed view defective for Sandstorm pending mails
  • NUTM-3582 [Email] smtpd sometimes gets stuck when creating a cluster
  • NUTM-3620 [Email] Add capabilities to Quarantine manager's spool tab to handle multiple items for the same massage
  • NUTM-2015 [HA/Cluster] Prevent users from changing postgres_secret
  • NUTM-2290 [HA/Cluster] Prevent backup import from changing postgres_secret
  • NUTM-2677 [HA/Cluster] 36293: The Slave node in HA doesn't show any resource usage
  • NUTM-1956 [Network] 35582: flow monitor invents traffic on wlan1 interface
  • NUTM-2236 [Network] 34828: don't start dhclient without interface
  • NUTM-3156 [Network] Slave interface IP where WAF is listen to get lost after a while
  • NUTM-3304 [Network] nic-naming: Provide a fix for delayed 210r2 software support
  • NUTM-3176 [Reporting] In web usage reporting some domains show up as only the suffix
  • NUTM-2779 [WAF] WAF - Slow HTTP error messages do not match the description
  • NUTM-3175 [WebAdmin] It is not possible to select a vlan interface for the "Ping Check"
  • NUTM-3177 [WebAdmin] Sort function in EPP manage computer didn't work correctly
  • NUTM-3184 [WebAdmin] Etc\Greenwich set as timezone causes error on dashboard
  • NUTM-3185 [WebAdmin] Issues while using the "Search Log Files" tab in the "View Log Files" part of webadmin
  • NUTM-3311 [WebAdmin] Remove Support for TLS v1.0 from Apache Configuration
  • NUTM-3109 [Web] Proxy stops working without segfault or hint in the logs
  • NUTM-3114 [Web] ADSSO join didn't work with special characters like \xF6
  • NUTM-3123 [Web] HTTP Log is flooded with "Server delivered only 0 of X bytes" messages
  • NUTM-3124 [Web] HTTP proxy intermittently stuck in 'recv: Input/output error'
  • NUTM-3577 [Web] High CPU Load after update to 9.4
  • NUTM-3076 [WiFi] Split network modes do not work with RED15w
  • NUTM-3418 [WiFi] RED15w forgets its wireless encryption key after reboot
  • NUTM-3188 [[Backend/Devel] Confd] Domain-Regex object deployed from SUM will be created more than once
  • NUTM-3189 [[Backend/Devel] Confd] Auto packetfilter rule is not updated if the destination service object of a NAT will be changed

Up2Date Installation

Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version.
There are two ways to apply an already-downloaded Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management > Up2Date > Overview and use "Update to latest version now" to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management > Up2Date > Advanced.

If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our user community forums. Please indicate the version you are using to help us (and everyone helping you).

Feedback

  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
  • You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!
  • If you have any questions or comments regarding this release, please see our online forums for more information.

Alan Toews
Technical Product Manager

Unfiltered HTML