Sophos UTM 9.510-4 released - let's share experiences!

I have updated 3 UTMs, 1 Home and 2 UTM units themselves no problems yet. but these units we do not use the mail gateway function.

I have to upgrade the largest of my units (a virtual UTM), which I have asked for a schedule to install the update.

Although it was me who found the issue with the access roles not working correctly in the first place, as the dash board would give an error message (apologies for all you techs that have had issues!!).

After clearing cookies for the browser I've been using for WebAdmin (Firefox), I had no problems with the Access Roles, Jason.

I'm close to recommending this.  Is there something that I've missed here that's still a problem?

Cheers - Bob

After clearing cookies for the browser I've been using for WebAdmin (Firefox), I had no problems with the Access Roles, Jason.

I'm close to recommending this.  Is there something that I've missed here that's still a problem?

Cheers - Bob

Updated 5 UTM's so far with 9.510-5. So far no problems encountered.

Edit: typo in version corrected.

Arno, did you mean 9.510-5?

Cheers - Bob

Sorry, yes, 9.510-5 indeed..... Still no problems so looks good so far. Next weekend most likely going to also upgrade the largest site which also heavily uses mail protection.

Still no problems may be a little exaggerated.

 For one of our customers (2500 mailboxes, 1500 mobile devices), we have to move the Sophos cluster 2-3 times a day. We have Exchange behind the WAF and we suspect that the Apache web server cannot process the amount of access. The message 'Scoreboard is full' will appear in the WAF log, and shortly afterwards no Active Sync or Outlook Anywhere access will work. After rebooting the active node, everything works again until the next scoreboard error. This is actually not a very large environment there, but it seems that Sophos is only designed for home use or SMBs.

We also noticed that UTM does not support load balancing with Exchange 2016, here the Exchange servers have to be flagged as 'hot standby', which works fine with Exchange 2016.

With Exchange 2013 Load Balancing was no Problem.

That's why we opened a support ticket about 6 weeks ago, which has escalated to the development department, but so far we haven't received an answer.

For this reason, we have now routed HTTPS traffic around Sophos directly to Exchange servers and use the UTM only for SMTP spam filtering.

 Hopefully this problem will finally be solved in a future version and load balancing with Exchange 2016 will also work.

Raven, you're not the first person to report this here - that started three years ago.  Are you saying that these problems only began after Up2Dating to 9.510-5?

Have you tried the following?

cc set reverse_proxy max_threads_per_process 75

I don't know when that gets reset, but I'd guess that it would possibly be during an Up2Date.  You can check the value with:

cc get reverse_proxy max_threads_per_process

I'm surprised that Support didn't try that.

There's another thread here somewhere where the load-balancing solution for Exchange 2016 is, apparently, a different load-balancing tool.

Cheers - Bob

I asked Sophos Support about all these problems with UTM websites acting broken until the browser cache is cleared.   Level 1 support says they don't know anything about the problem because there have been no cases opened.   I am less concerned about the admin websites than I am about User Portal -- I don't want to explain how to clear cache in every browser with every user.   Has nobody made an issue about this with Support?

If you have, it would be great if you could PM your case number so that I can tell Support where to look.