UTM Up2Date 9.506 Released

9.506 is released.

Maybe we could use this thread for reporting successful updated system and maybe not so many bugs. Who wants to be first to update? :-)

  • Updated a SG230 HA-Cluster without any issues.

    After the first Day no Problems reported so far.

    Installed it on my virt. Home UTM as well, so far no issues.

  • I would be really interested in AD SSO experiences with this patch...

    The patchnotes mentions two AD SSO NUTM´s, but are those the fixes for the kerberos ticket and proxy backend group authentication problems you find all over the newer UTM versions (v9.414+ and v9.501+)?

    The successful update of my home installation is not a sufficient yardstick for my production deployment.

  • In reply to KaySeemann:

    So far so good, everything updated on our Test UTM. I have noticed the web interfaces is snappy/faster than before. Also it appears the internet browsing through the web proxy appears faster (but this could be due to the fact after a fresh reboot). However, there is definitely speed improved for the web interface. Loading menu items is almost instant.

     I can confirm that the slow boot up bug for the lower end SG models is now fixed. My test 105w booted up in 2 minutes 30 seconds, whereas before it would take 6 minutes.

  • Also interested in hearing about AD SSO interop. I've frozen myself at 9.413-4 since May and have had to turn off automatic update downloads as the root partition of my 550 hardware cluster was filling.

    My last call with support when 9.415-1 dropped they couldn't tell me if I would run into AD issues with that or not, not a good feeling.

  • In reply to KaySeemann:

    Recently went from 9.4x to 9.5x with no issues.

    I specifically checked the AD authentication issue with a regional Sophos contact before deciding to do this.

    I'd been sitting on the older stable version out of fear of upgrading.

  • Can confirm, that there was no AD issue since 9.502-4 anymore - if you followed the instructions to rejoin the UTM to the domain once after updating.

    The releases 9.503-4 and 9.504-1 where pretty stable as well.

    Updated many boxes to 9.505-4 (including SG HA-Clusters) and some other boxes (including our company HA-Cluster) to the current release as well with no problems in AD SSO.

    Those boxes were old UTM's and Gen 1 / Gen 2 SG's - no problem. Only for HA-Cluster Upgrade from 9.4 to 9.5 I had Tech-Support stand-by in case of emergency.

  • In reply to ThorstenS:

    Hello, This thread is for 9.506 are you saying you upgraded many boxes from 9505-4 to 9.506-2?

     

    Thanks

  • In reply to StealthyM:

    Hi,

    I said, I updated a couple of boxes to the current release (9.506-2). Including our companys production HA-Cluster.

    Until now, I have found no problems, either with AD SSO or SSL VPN or other stuff I was able to test .

  • Updated HA-Cluster (SG230), no issues till now. Using proxy standard mode with AD, some IPSEC, REDs, mail protection.

  • In reply to Alexander Busch:

    I have updated our production UTM for the last few days and no issues to report whatsoever. 

     

    My home UTMs have been working fine too.

  • Scheduled the update for 3am, woke up to broken ipv6 again!

    Toggled ipv6 on/off which left the interface DOWN across ipv4 and ipv6.

    I've done very limited testing but have had to switch ipv6 off for the time being and will do some further investigation tonight.

    Was hoping that my ipv6 UTM woes had gone away as it's been stable for a couple of months now. Sigh.

  • In reply to StealthyM:

    On a german website I read about someone complaining about a non working exchange through WAF if TLS 1.1 is used. Maybe someone can confirm this. As I don't use WAF, I can't try this myself.

    Best

    Alex

  • In reply to dms:

    no issues here with IPv6 other than the persistent bugs and issues that had been in for a while now...

    EDIT: Managed to break ipv6 that even a config restore wouldn't fix. Reinstalled 9.504-2 - all working fine again.

  • In reply to Alexander Busch:

    Thanks for the link. On the same page I found this: (translated from German by Google)

    "Attention, there are problems in HA mode in the ESXi environment. After updating from 9.505-4 to 9.506-2, certain VM servers (the VMs running on the same host where the Passive UTM VM was running) were no longer accessible on the network! Only after shutting down the "passive" node were they suddenly reachable again. Rebuilding the HA did not help. I had to rest again on 9.505-4, then everything went OK again. I wait for the first time 1-2 updates, then we'll see :)"

  • In reply to City of Subiaco:

    I posted the following workaround there that might work.  This applies to VMs in HA running on the same host.

    How to resolve issues with Virtual UTMs configured for High Availability:
     1. Login to the UTM console as root.
     2. Enter the following command to determine if HA virtual_mac is enabled:
              cc get ha advanced virtual_mac
     3. If the output is 1, you can disable it by entering the following:
              cc set ha advanced virtual_mac 0
     4. Restart all virtual UTMs.

    Please let us know if this worked.

    Cheers - Bob