Upgrade to UTM 9.601-5 firmware doesn't start FW NAT rules on boot

Hi,

I got information from my UTM that a new firmware 9.601-5 was available. I installed it and after reboot I discovered that all my NAT rules were not activated! I had to go on each one and disable/enable them to get back the working setup :(

I did it with some of them and then rebooted the UTM: again rules were not applied. Disable/enable them and everything is OK.

For some rules I didn't apply the "automatic firewall rules" in the GUI but had created the FW rules myself: those NAT rules were activated. But for NAT rules forwarding ports to other physical hosts but *not the host itself and the VMs running on it where the UTM lies*, it doesn't matter which setup (manual or automatic), I have to activate "automatic FW rules" and disable/enable the rules to get them working.

No need to say that prior firmware versions didn't have this problem.

Does anyone face the same problem and confirm?

Daniel



  • Hi Everyone

    So glad to see this issue confirmed here - I am NOT going mad after all. We've had some really big problems with this, causing us embarrassment and our clients outages.

    I can confirm the same activity on a few dozen of my UTMs - I am not sure what UTM firmware version this started with but I've seen it for a month or two at least. After a UTM reboot I need to DISable / ENable the NAT rules to get inbound NAT traffic started again. Not always ALL NAT rules it seems, can be just one rule out of dozens - I am now so scared to update firmware or reboot it's silly, as I need to try every NAT rule after a reboot and I have so many UTMs to do this on.

    Last post on this thread was Jun 7th - any updates from anyone yet?


    Thanks

    Grant AU

  • Hi Grant - welcome to the UTM Community!

    You might want to use the trick I outlined in April when this phenomenon first appeared.  If the issue only occurs at reboot, use "@reboot" instead of "0 4 * * *" in the cron jobs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Did this happen to get fixed in 9.603-1, or are users still seeing this behavior on that firmware?

  • From experience I can say this is still happening.  Firewalls I manage on 9.603-1 are coming up with non-functional NAT FW rules.  This is occurring both during reboots and cold boots across different hardware platforms (SG105, SG135, SG210) as well as my personal home software installation.

  • JasonG said:

    Did this happen to get fixed in 9.603-1, or are users still seeing this behavior on that firmware?

    That's still not fixed with this version.

    As told a few weeks ago, people from Sophos France are studying the case (I gave them access to 2 UTM software having the problem) but they still have not found out where the problem lies.


    Daniel

  • Daniel Huhardeaux said:

    That's still not fixed with this version.

    As told a few weeks ago, people from Sophos France are studying the case (I gave them access to 2 UTM software having the problem) but they still have not found out where the problem lies.

    Daniel

    Bummer, thanks for the confirmation Daniel and J_Money.

  • Still no update for this issue?

    I'm still on firmware 9.602-3 and will update my appliance soon to 9.604-2 but I doubt that it resolves the problem as far as I read.

    When will it be fixed?

    This is a really annoying bug...
