Upgrade to UTM 9.601-5 firmware doesn't start FW NAT rules on boot

Hi,

I got information from my UTM that a new firmware 9.601-5 was available. I installed it and after reboot I discovered that all my NAT rules were not activated! I had to go to each one and disable/enable them to get back the working setup :(

I did it with some of them and then rebooted the UTM: again the rules were not applied. Disable/enable them and everything is OK.

For some rules I didn't apply the "automatic firewall rules" in the GUI but had created the FW rules myself: those NAT rules were activated. But for NAT rules forwarding ports to other physical hosts, but *not the host itself and the VMs running on it where the UTM lies*, it doesn't matter which setup (manual or automatic): I have to activate "automatic FW rules" and disable/enable the rules to get them working.

No need to say that prior firmware versions didn't have this problem.

Does anyone face the same problem and can confirm?

Daniel

  • In reply to Daniel Huhardeaux:

    Daniel Huhardeaux
     

    That's still not fixed with this version.

    As I said a few weeks ago, people from Sophos France are studying the case (I gave them access on 2 UTM software having the problem) but they still have not found out where the problem lies.

    Daniel

    Bummer, thanks for the confirmation Daniel and J_Money.

  • In reply to JasonG:

    Still no update for this issue?

    I'm still on firmware 9.602-3 and will update my appliance soon to 9.604-2 but I doubt that it resolves the problem as far as I read.

    When will it be fixed?

    This is a really annoying bug...

  • In reply to DeltaSM:

    Firmware version: 9.604-2

    Same issue affecting me, is there any update on this? Please let me know.

    Thank you

  • In reply to aaa kkk:

    Hi,

    Just installed 9.605-1 and the problems disappeared.

    Daniel

  • In reply to Daniel Huhardeaux:

    I've also been having this issue for a while (I think it started with 9.601, might be earlier, but I'm not sure), assuming it would be fixed in a subsequent update.

    We're now several updates further, and so far 9.605-1 did *not* fix it for me either.

    It's starting to seem kind of silly that after every reboot I have to disable and enable one of my DNAT rules before they all start working...

  • In reply to M1tch:

    Hoi M1tch and welcome to the UTM Community!

    Have you tried the trick I suggested earlier in this thread to add a cron job @reboot that disables/enables a DNAT rule?

    Cheers - Bob

  • In reply to BAlfson:

    I have now, it does seem to work!

    This bug might confuse a lot of people, and actually break things meanwhile. It seems silly something like this can drag on for a couple of updates...

  • In reply to M1tch:

    Checking in to confirm that the problem still exists for me as well in 9.605-1

  • In reply to BAlfson:

    I guess that the cron job is just a workaround for now? I mean this is not an official solution? I would like to avoid doing such things on my appliance.

    Did you apply BAlfson's solution before updating to the last firmware? Or was the problem solved by just updating the firmware?

    I will try the new firmware in 10 days and will give you my feedback once it's done.

  • In reply to DeltaSM:

    DeltaSM


    Did you apply BAlfson's solution before updating to the last firmware? Or was the problem solved by just updating the firmware?

    I didn't apply BAlfson's solution, just upgraded and it was gone. I will upgrade another UTM this weekend and see if the problem disappears too.

    Daniel

  • In reply to DeltaSM:

    I don't know if this is in any Sophos KB article or post by a Sophos employee.  I came up with this workaround on my own.

    I note that this issue isn't listed under Bugfixes in the information about 9.605.

    Cheers - Bob

  • In reply to Daniel Huhardeaux:

    Daniel Huhardeaux

    I didn't apply BAlfson's solution, just upgraded and it was gone. I will upgrade another UTM this weekend and see if the problem disappears too.

    On another system the problem still exists.

  • In reply to Daniel Huhardeaux:

    Daniel Huhardeaux

    Just installed 9.605-1 and the problems disappeared.

    I restarted the UTM to check whether the problem is effectively gone: it is not :( I again had to deactivate/activate each rule ...

  • In reply to Daniel Huhardeaux:

    Same here, the issue still persists after the latest update. Does Sophos even care about fixing this crap issue?

  • In reply to aaa kkk:

    Hi all,

    This morning I got an answer from Sophos France support: working on our logs they found the problem, which should be resolved with version 9.7, expected this October. (!)

    Daniel