UTM Up2Date 9.601 Released

Today we've released UTM 9.601. The release will be rolled out in phases.

In phase 1 you can download the update package from our FTP server; in phase 2 we will distribute it via our Up2Date servers.

Up2Date Information


WAF: TLS session tickets let clients speed up repeated TLS handshakes by re-using certain cipher parameters. This re-use of cipher parameters can make encrypted connections less secure by impacting their perfect forward secrecy. To improve the overall security of the product, TLS session tickets are no longer enabled by the WAF.
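
One way to confirm this change after the upgrade, as an added example (not Sophos code): the shell function below classifies an `openssl s_client` transcript by whether the server issued a session ticket. It assumes the virtual web server negotiates TLS 1.2; `waf.example.com` and the sample transcripts are constructed placeholders.

```shell
# Added example, not Sophos code. Classifies an `openssl s_client` transcript
# read from stdin as "issued", "none" or "unknown" (handshake did not complete).
ticket_status() {
    transcript=$(cat)
    # A failed connect prints "New, (NONE), Cipher is (NONE)" and no ticket
    # lines, so it must not be mistaken for "tickets disabled".
    if ! printf '%s\n' "$transcript" | grep -Eq '^(New|Reused), (TLS|SSL)v'; then
        echo unknown
    elif printf '%s\n' "$transcript" | grep -q 'TLS session ticket'; then
        # s_client prints "TLS session ticket lifetime hint" and the ticket
        # bytes in the SSL-Session block when the server issued a ticket.
        echo issued
    else
        echo none
    fi
}

# Constructed, abridged transcripts (not captured from a real UTM).
sample_with_ticket() {
    cat <<'EOF'
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
EOF
}
sample_without_ticket() {
    cat <<'EOF'
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
EOF
}
sample_failed_connect() {
    cat <<'EOF'
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
EOF
}

# Live use (waf.example.com is a placeholder for your virtual web server):
#   openssl s_client -connect waf.example.com:443 -tls1_2 </dev/null 2>/dev/null | ticket_status
```

A result of "unknown" means the transcript shows no completed handshake, so it says nothing about the ticket setting.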


  • Maintenance Release


  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade

Issues Resolved

  • NUTM-10492 [AWS] UTM on AWS Auto-scaling: Sync log setting to worker nodes
  • NUTM-9746 [AWS] Standby UTM on AWS sending un-encrypted daily backups
  • NUTM-9846 [AWS] IAM policy missing permission which causes conversion to fail
  • NUTM-9675 [Access & Identity] Bypass Users doesn't work for AD backend group with users
  • NUTM-9838 [Access & Identity] SSL VPN connection through Webproxy not possible
  • NUTM-10018 [Basesystem] MiddleWare starting up time takes long when having lots of multipath routes
  • NUTM-10164 [Basesystem] Delay in accessing internal services after users connect to the remote access SSL VPN
  • NUTM-10183 [Basesystem] Patch OpenSSL (CVE-2018-0732)
  • NUTM-10280 [Basesystem] cURL: NTLM Authentication Code Buffer Overrun Vulnerability (CVE-2018-14618)
  • NUTM-10306 [Basesystem] syslog-ng requiring huge amounts of memory over time
  • NUTM-9660 [Basesystem] DHCP vulnerability (CVE-2018-5732 and CVE-2018-5733)
  • NUTM-9976 [Basesystem] SG115 rev3 HA eth3 interface flapping
  • NUTM-9648 [Documentation] Static route not applying when configuring Bind tunnel to local interface on IPsec connection
  • NUTM-9712 [Documentation] ATP exception doesn't work as expected
  • NUTM-9872 [Documentation] Incorrect documentation for ReportAuditor rights
  • NUTM-10078 [Email] Help text in quarantine mail truncated in Outlook
  • NUTM-10112 [Email] User portal users still able to put senders on Whitelist even if Whitelist is disabled
  • NUTM-10186 [Email] S/MIME signed mails have an invalid signature if 3rd party CA is used
  • NUTM-10266 [Email] Wrong URL for Antispam IP reputation-check
  • NUTM-10346 [Email] High CPU usage from smtp due to deadlock/timeout
  • NUTM-10400 [Email] Coredump of SMTPD.BIN
  • NUTM-10440 [Email] SPX encryption doesn't work in case the sender address contains a "/"
  • NUTM-9787 [Email] SMTPD core dumps with signal SIGABRT
  • NUTM-10250 [Network] DNS Group Objects filling up with old IP addresses
  • NUTM-10592 [Network] PPPoE connection fails after HA upgraded to 9.6
  • NUTM-10168 [RED] REDs are displayed as "offline" even though the tunnel is working
  • NUTM-10470 [RED] No traffic goes through RED Tunnel when compression is enabled
  • NUTM-10325 [WAF] 500 Internal Server Error if max scan size limit is disabled
  • NUTM-10419 [WAF] "Web Application Protection Auditor" permission is not sufficient to load Advanced Certificates tab
  • NUTM-10133 [WebAdmin] Ping over interface does not work on VDSL PPPoE interface
  • NUTM-10273 [WebAdmin] Webadmin session will be interrupted with pop-up "Backend connection failed"
  • NUTM-9569 [WebAdmin] If an interface is deleted which is used in a policy route, it can cause a network outage
  • NUTM-10244 [Web] AFC skip user/group specific rule if the user surfs through the HTTP Proxy although the ipset exist
  • NUTM-10285 [Web] urid service restarting intermittently
  • NUTM-10390 [Web] Huge HTTP logs because of "epoll_read_until: Transport endpoint is not connected"
  • NUTM-10409 [Web] HTTP Proxy segfaults, coredumps
  • NUTM-10500 [Web] HTTP "epoll_read_until: Transport endpoint is not connected" logs still growing after patch
  • NUTM-4256 [Web] Sandboxd selfmon check sends wrong notification
  • NUTM-9968 [Web] AD SSO Transparent Proxy redirects websites to User Portal
  • Still haven't seen many UTMs pull 9.600 via Up2Date, is anybody aware of issues regarding getting 9.6 to appear through Up2Date?

  • Same here, I'm still waiting for the 9.600 up2date. Is there any news?

  • It will be provided via up2date soon. Sorry for the delay.

  • After upgrade to 9.601 without changes to my config, Windows Updates stopped working today.

    sophos httpproxy[5824]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="mylocalip" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffEveryone (Everyone)" size="0" request="0xd37fa700" url="au.download.windowsupdate.com/.../am_delta_patch_1.285.1448.0_0c6bda89d1753049fea590a6e23c7542d3f4b47b.exe" referer="" error="" authtime="0" dnstime="2" aptptime="130" cattime="138" avscantime="0" fullreqtime="10162176" device="0" auth="0" ua="Microsoft BITS/7.8" exceptions="av,sandbox,ssl,fileextension,size" category="175" reputation="trusted" categoryname="Software/Hardware" content-type="application/octet-stream" application="winupdat" app-id="596" reason="range"

    Disabling AV scan did not help. Sites are in exceptions list for WebSecurity

  • Same here, also waiting for the 9.600 up2date. Regards!

  • Can I ask what the delay is for 9.600? I have been advised to update manually to 9.601 to fix the Transport endpoint is not connected issue.

  • I spoke to Sophos support about not getting 9.600 and was told "But not getting the automatic update of 9.6 is not an issue for now, as I see many customers that do not get the automatic update and I confirm that with my Senior and they confirm me that we are still pushing the update." so it's a wait and see I guess, I've got both physical and virtuals awaiting these updates.

  • I have a virtual UTM, and even though I have an update waiting (9.600-5) for install, I have tried many times to upload the new up2date file, without it staying available on the UTM. While the update does update and I can actually schedule the install later when I log into the UTM, the Update is missing, and the schedule has been removed (because I put it on the second update to install both updates), this is most frustrating.

  • I'm also failing to get 9.600+ updates via Up2Date. Frustrating.

  • My Site2-Site RED tunnel between 2 UTMs is not working any more with this release.

  • With any new release the good old (and quick fix support with community) Astaro turns more and more into crap.

    Sophos, if you are not able to handle it, give it back to people who know what they are doing.

    The time you need to release an update in this critical environment >>firewall<< is a complete NO GO!

  • My RED tunnel problems fixed themselves after some more reboots.


    Ranting without mentioning the concrete problems you have doesn't help anyone.

  • Still waiting here........