Sophos UTM 9.406-3 released


Up2Date 9.406003 package description:

Remark:
System will be rebooted

News:
Security Release

Bugfixes:
Fix [NUTM-1616]: [AWS] Change AMI type to HVM
Fix [NUTM-4839]: [AWS] AWS Instances in GovCloud need to use S3 buckets in GovCloud
Fix [NUTM-5013]: [Network] TCP Vulnerability (CVE-2016-5696)

RPM packages contained:
perf-tools-3.12.48-0.237935773.g86aa827.i686.rpm
ep-ha-aws-9.40-191.g83c01f2.rb1.noarch.rpm
ep-webadmin-9.40-640.g7ad4baa.rb8.i686.rpm
ep-cloud-ec2-9.40-26.g00cde1e.rb2.i686.rpm
kernel-smp-3.12.48-0.237935773.g86aa827.i686.rpm
kernel-smp64-3.12.48-0.237935773.g86aa827.x86_64.rpm
ep-release-9.406-3.noarch.rpm

  • Does not look like the DHCP MTU issue is fixed though?!

    Has anyone heard of it?

  • Installed on 6 UTMs so far - in private network :-) - Everything seems normal...

  • In reply to twister5800:

    I just tested it and I can confirm it was not fixed.

  • In reply to NathanPoulos:

    Sad to hear that...

  • In reply to NathanPoulos:

    Really unacceptable from Sophos. Over a month later and still no patch and just one comment that they are working on it? Why couldn't they revert the change in the patch they released?

    As others have said, even though we are home users, the issue has been affecting licensed business users as well and it seems they really don't care.

    Let's not mention the installer still has misnamed RPM packages; it appears they haven't fixed that as well and that issue has been going on for a LONG time.

    Just poor from a supposed enterprise software company. To me it seems like amateur hour special.

    Anybody have suggestions for a competitor product?

  • In reply to pclov3r:

    I am one of those paying business customers and I have to say that I am increasingly disappointed with Sophos' ability to address bugs and the quality control aspect of patching. I now have 4 up2dates waiting to be installed because one is there to fix the previous and introduces a new problem and there still isn't a fix for the MTU issue.

  • In reply to twister5800:

    twister5800

    Installed on 6 UTMs so far - in private network :-) - Everything seems normal...

    Unfortunately, nothing normal here. Installed 9.406-3 on a client network and now the 2 BO-VPN connections don't pass any traffic. Totally at a loss as to how to fix it.

    I'm not at all happy this morning.

  • In reply to Trane Francks:

    Trane Francks

    Unfortunately, nothing normal here. Installed 9.406-3 on a client network and now the 2 BO-VPN connections don't pass any traffic. Totally at a loss as to how to fix it.

    I'm not at all happy this morning.

    BO-VPN? - What is that?
    Please post some IPSEC live logs from the device :-)

  • In reply to twister5800:

    twister5800
    BO-VPN? - What is that?

    "Branch Office VPN". Another way of saying Site-to-Site.

    Please post some IPSEC live logs from the device :-)
    Not much to see:
    2016:09:15-20:03:55 mnres pluto[5796]: "S_FW-xxx" #17: Peer ID is ID_IPV4_ADDR: 'xxx.xxx.xxx.xxx'
    2016:09:15-20:03:55 mnres pluto[5796]: "S_FW-xxx" #17: we don't have a cert
    2016:09:15-20:03:55 mnres pluto[5796]: "S_FW-xxx" #17: Dead Peer Detection (RFC 3706) enabled
    2016:09:15-20:03:55 mnres pluto[5796]: "S_FW-xxx" #17: sent MR3, ISAKMP SA established
    2016:09:15-20:12:17 mnres pluto[5796]: "S_FW-xxx" #18: responding to Quick Mode
    2016:09:15-20:12:18 mnres pluto[5796]: "S_FW-xxx" #18: IPsec SA established {ESP=>0x1b171b9d <0x79e15ac5 DPD}
    2016:09:15-20:20:33 mnres pluto[5796]: packet from xxx.xxx.xxx.xxx:500: Informational Exchange is for an unknown (expired?) SA
    2016:09:15-20:29:40 mnres pluto[5796]: "S_FW-xxx" #17: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xb77ca9a9) not found (maybe expired)
    2016:09:15-21:00:07 mnres pluto[5796]: "S_FW-xxx" #19: responding to Quick Mode
    2016:09:15-21:00:07 mnres pluto[5796]: "S_FW-xxx" #19: IPsec SA established {ESP=>0x7bb54e65 <0x9164dfce DPD}

  • Since installing this update, my WAN interface (DHCP, plugged into a cable modem) is down. I tried to set a manual address (the last one I had) to no avail.

    Anyone have a solution?

    Thanks

  • Installed on 3 UTMs without problem. Two with fixed IP, 1 with dynamic address.

  • In reply to korgull:

    You may be a victim of the change from a few updates ago. Check your MTU for the WAN interface to see if it changed from 1500 to 576.
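    A quick way to spot the symptom described above (an interface whose MTU silently dropped from 1500 to 576), as an added example that is not from this thread or from Sophos. It assumes a Linux host where `ip -o link show` is available; the sample output embedded below is constructed for offline use.

    ```shell
    #!/bin/sh
    # Added example: flag interfaces whose MTU is below the expected 1500.
    # Constructed stand-in for `ip -o link show` output (eth1 shows the 576 regression).
    SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 576 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000'

    # Print "iface mtu" for every non-loopback interface whose MTU is below $2 (default 1500).
    # $1 is text in `ip -o link show` format; on a live box: low_mtu_ifaces "$(ip -o link show)"
    low_mtu_ifaces() {
        printf '%s\n' "$1" | awk -v min="${2:-1500}" '
            { iface = $2; sub(/:$/, "", iface) }
            iface == "lo" { next }
            { for (i = 1; i <= NF; i++)
                  if ($i == "mtu" && $(i + 1) + 0 < min) print iface, $(i + 1) }'
    }

    # Return 0 when every interface meets the threshold, 1 when at least one is below it.
    mtu_ok() {
        [ -z "$(low_mtu_ifaces "$1" "$2")" ]
    }

    # Stand-alone run on the constructed sample: lists the regressed interface.
    low_mtu_ifaces "$SAMPLE_IP_LINK"
    ```

    Note that, as the follow-up replies say, restoring 1500 in WebAdmin alone did not help them; the check only tells you whether the regression is present.
    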

  • In reply to RyanDougherty:

    Thanks Ryan,

    That it did. I switched it back to 1500 to no avail.


    EDIT: I see there is more to it than changing it in the GUI. I'll wait for an update (unless there is a better solution). I'm still doing my research on this based on the MTU problem.

  • In reply to korgull:

    From what I saw, it involved SSH.

  • In reply to RyanDougherty:

    RyanDougherty

    From what I saw, it involved SSH.

    Yeah.. I tried what was described in https://community.sophos.com/products/unified-threat-management/f/52/t/79288  

    Unfortunately, that didn't help. My MTU stays at 1500, but the WAN still stays down (even after issuing an ifconfig eth1 down, then ifconfig eth1 up).

    Reboot didn't help either..

    Thanks