My lab system was Up2Dated to 9.703-2 Thursday evening at 10PM CDT (UTC -0500) and all connection with the outside world immediately stopped.  My local connection would work normally a few minutes at a time and then everything would lock up for a few minutes.  I could not identify the problem with top, but did see a lot of zombie confd processes.  I lost the entire day of Friday because my wife has a big project due next week and was working via Microsoft Teams all day with her colleagues.

I will suggest to Sophos that the file be removed from the ftp site. Grumble.

Cheers - Bob

  • In reply to zaphod:

    Apparently, there's a patch for 9.703 that fixes a conflict that 9.703 had with IPsec.  I will test that in about 3 hours.

    Cheers - Bob

  • Hi All,

    A new v9.703 update is currently being tested, and is targeted for release during the week of Apr 20. Both customers running on v9.702 and the previous version of v9.703 will be able to upgrade to this new version. 

    The Advisory KBA has been updated to provide more information regarding this incident:



  • In reply to FloSupport:

    Hello Flo_Support,

    This is the first time I feel like being informed about this matter in a timely manner and directly from a Sophos source. I appreciate that very much.

  • In reply to jprusch:

    I agree it is novel that we are actually told something constructive from Sophos.

    But is this premature? Are we looking at another RED issue that was not fixed for six months (even though they 'said' they had fixed it twice)? Apologies, the cynic in me came out ...

    I do understand that they do a lot of work in the background, the UTM has had little or no information about updates, new builds, EAP or Road Maps. Will this change now?


    Although this should not have happened in the first place!

    Will I get some sort of recompense for having to go into work (on Bank Holiday Monday) to fix the issue (by rebuilding the firewall from scratch)?


    I always try to look on the positive side, the issues with the UTM and associated equipment have been unhelpful.

  • In reply to FloSupport:

    Hi All,

    UTM v9.7 MR3 was re-released on 23 April 2020.

    More info available in the UTM release notes post.


  • In reply to FloSupport:


    Hi, thanks for your info. Would you please keep us informed about the new XG V18 MR1?

  • In reply to Argo:

    First of all, I would like to sincerely apologize to anyone who was affected by this issue. There was a gap in our testing for this 9.703 release, and the problem should've never made it into the field. Additionally we should've reacted more quickly when some of you reported this issue on the forums. 

    As you can see from the KBA that was posted, we have done a detailed analysis on what went wrong (not just the bug, but how we reacted & our testing process), and have/will put improvements/additional safeguards in place to ensure something like this doesn't happen again. We will learn from this, and continue to improve. 

    As for whether this is another RED50 issue: Fundamentally this issue and the RED50 problem are very different. The RED50 issue was related to the hardware (specifically how the driver reacts when the underlying flash storage degrades - which is normal for flash drives), and it took us a long time to reproduce the problem even after getting failed units shipped back to Engineering for analysis (it is indeterministic when flash drives will degrade). Once we were able to reproduce/see the problem, we moved quickly to address it (the delay wasn't due to a lack of focus/trying). This 9.703 issue does not have any hardware component, and we were able to reproduce, isolate & understand the problem quickly, so we can confidently say the new 9.703 update that was re-released today has the problem addressed. 

    Again I would like to apologize to all who were affected by this issue. We should be better, and we will be. I also would like to thank BAlfson for reporting this issue first, and working with us on the solution. 

  • In reply to bobbylam:

    Based on comments here in the Community and my persistence, Sophos actually removed 9.703-2 from the Up2Date servers even though they had yet to reproduce the problem in their labs.  Sophos deserves a pat-on-the-back for breaking their own rules in dealing with this issue.

    9.703-3 works great!

    Cheers - Bob