Thread Info
  • State Suggested Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 62 replies
  • Answers 2 answers
  • Subscribers 13 subscribers
  • Views 72753 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrade to UTM 9.601-5 firmware doesn't start FW NAT rules on boot

Daniel Huhardeaux

Hi,

I got information from my UTM that a new firmware 9.601-5 was available. I installed it and after reboot I discover that all my NAT rules where not activated ! I had to go on each one and disable/enable them to get back the working setup :(

I did it with some of them and then reboot the UTM: again rules where not applied. Disable/enable them and evrything is OK.

For some rules I didn't apply the "automatic firewall rules" in GUI but had create myself the FW rules: those NAT rules where activated. But for NAT rules with forwarding ports to other physical hosts but *not the host himself and the VMs running on it where the UTM lies* doesn't matter which setup (manual or automatically), I have to activate "automatic FW rules" and disable/enable the rules to get them working.

No need to say that prior firmware versions didn't had this problem.

Does anyone face the same problem and confirm?

Daniel



This thread was automatically locked due to age.
  • 0

    Daniel Huhardeaux said:

    [...] But for NAT rules with forwarding ports to other physical hosts but *not the host himself and the VMs running on it where the UTM lies* doesn't matter which setup (manual or automatically), I have to activate "automatic FW rules" and disable/enable the rules to get them working.

    This point is solved, I did a mistake in my FW rules for those destinations, sorry for the noise.

    Daniel

     

  • 0 in reply to Daniel Huhardeaux

    Hello Daniel,

    I have the same problem and it's pretty annoying. Did you have any feedback about this?

    Regards,

    DeltaSM

  • 0 in reply to DeltaSM

    It's rare, but sometimes the Up2Date process "breaks" something in the configuration databases.  I've only experienced this twice in my client base in well over a decade.

    The first thing to try is to restore the backup made prior to the last application of Up2Dates.  That worked immediately in one case.  In the other, two extra reboots solved the problem.  The reboots may have been all that was necessary, but restoring a configuration backup is virtually instantaneous and not disruptive.

    Did that fix your issue?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to DeltaSM

    A case is open at Sophos France, I have no reply from them.

    Daniel

  • 0 in reply to BAlfson

    Hi Bob,

    on the UTM I face this problem -I stopped to upgrade others till problem is not solved- I modify the setup by creating myself the fw rules and disable the automatic rule creation form NAT tab.

    Daniel

  • 0 in reply to BAlfson

    Problem is I can't restart easily as this UTM is in production environment.

    I also sent a support case. I will send you information once I've got news from Sophos.

  • 0 in reply to DeltaSM

    Hello Daniel,

    Did you have any feedback about this issue?

    I just upgraded to last firmware (9.602-3) and the issue is still present.

    : maybe I can try to load an old config but I would not prefer to do this... Maybe deleting and recreating could fix this issue?

  • 0 in reply to DeltaSM

    Hello DeltaSM,

    no news from support :( and I confirm that problem is still existing with 9.602-3. Will contact them again.

    Daniel

  • 0 in reply to Daniel Huhardeaux

    Hello Daniel,

    It seems that we're in the same situation. Can you keep me in touch if you have any news?

    Are you French? We come from Belgium and could give you our email address in private to exchange some information if needed.

    This problem is very annoying Sophos !

    Regards,

    DeltaSM

  • 0 in reply to DeltaSM

    Yes, according to the IP addresses from which you're posting, French is the native tongue for both of you.

    Guys, you can make a new backup, try restoring the backup as I suggested above to see if that fixes the issue.  You can then restore the new backup and evaluate how difficult it would be to go to the older backup and red any changes made since then.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML