After MR7 , IPS Pattern fails to update 3.13.89

Hi All,

IPS is not updating anymore after MR7. Can someone else confirm this behaviou?

Thanks

  • Hi,

    I have same problem, after MR7 IPS is not updating.

    also internal mail server stop receving mail.

    The XG is configured as Trasparent proxy for smtp.

    I go back to MR6 and mail now work fine. I still have error in IPS update.

  • In reply to Andrea Clemente:

    Hi

    I have same problem with MR7 . XG is configured as transparent proxy. I have rolled back to MR6 Mail is working fine but Still IPS is not updating.

    BR

    Vishvas

    IPS and Application signatures
    3.13.89
    -
    19:49:29, Aug 24 2017
    Failed
  • In reply to VishvasChitale:

    Same issue with my firewall at home. Upgraded our main units at work though and do not have the issue. My home firewall is an SG125 running the software version of SFOS. Wonder if it is only the software version that is having issues?

  • In reply to MichaelBolton:

    HI , 

    Sorry to hear that, could you print the output by executing the command in Shell using Optio 5 >3

    #tail -f /log/u2d.log 

    Run the pattern update.

    Post the logs (Obfuscate the Serial ID of your appliance of your discretion )

  • In reply to Aditya Patel:

    SFVH_SO01_SFOS 16.05.7 MR-7# tail -f /log/u2d.log
    DEBUG Aug 25 09:52:23 [16637]: Added new server : Host - eu-west-1.u2d.sopho
    s.com., Port - 443
    DEBUG Aug 25 09:52:23 [16637]: Added new server : Host - us-west-2.u2d.sopho
    s.com., Port - 443
    DEBUG Aug 25 09:52:23 [16637]: Added new server : Host - ap-northeast-1.u2d.
    sophos.com., Port - 443
    DEBUG Aug 25 09:52:23 [16637]: Final query string is :
    ?&serialkey=                             &deviceid=cfe24d65-10f7-4a9a-9c6d-6182f3e3919f&fwvers
    ion=16.05.7.305&productcode=CN&appmodel=SF01V&appvendor=SO01&useragent=SF&oem=&p
    kg_ips_version=3.13.89&pkg_ips_cv=12.0&pkg_atp_version=1.0.0156&pkg_atp_cv=1.00&
    pkg_savi_version=1.0.11406&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1
    .0.20419&pkg_avira_patch=2&pkg_avira_cv=1.00&pkg_clientauth_version=1.0.0008&pkg
    _clientauth_cv=2.00&pkg_apfw_version=9.0.001&pkg_apfw_cv=1.00&pkg_redfw_version=
    2.0.008&pkg_redfw_cv=2.00&pkg_waf_version=1.0.0006&pkg_waf_cv=1.00&pkg_sslvpn_ve
    rsion=1.0.007&pkg_sslvpn_cv=1.00
    DEBUG Aug 25 09:52:23 [16637]: Response code : 200
    DEBUG Aug 25 09:52:23 [16637]: Response body :
    <Up2Date/>

    DEBUG Aug 25 09:52:23 [16637]: Response length : 11
    DEBUG Aug 25 10:00:55 [18048]: --serial =  
    DEBUG Aug 25 10:00:55 [18048]: --deviceid = cfe24d65-10f7-4a9a-9c6d-6182f3e3
    919f
    DEBUG Aug 25 10:00:55 [18048]: --fwversion = 16.05.7.305
    DEBUG Aug 25 10:00:55 [18048]: --productcode = CN
    DEBUG Aug 25 10:00:55 [18048]: --model = SF01V
    DEBUG Aug 25 10:00:55 [18048]: --vendor = SO01
    DEBUG Aug 25 10:00:55 [18048]: --pkg_ips_version = 3.13.89
    DEBUG Aug 25 10:00:55 [18048]: --pkg_ips_cv = 12.0
    DEBUG Aug 25 10:00:55 [18048]: --pkg_atp_version = 1.0.0156
    DEBUG Aug 25 10:00:55 [18048]: --pkg_atp_cv = 1.00
    DEBUG Aug 25 10:00:55 [18048]: --pkg_savi_version = 1.0.11406
    DEBUG Aug 25 10:00:55 [18048]: --pkg_savi_cv = 1.00
    DEBUG Aug 25 10:00:55 [18048]: --pkg_avira_version = 1.0.20419
    DEBUG Aug 25 10:00:55 [18048]: --pkg_avira_cv = 1.00
    DEBUG Aug 25 10:00:55 [18048]: --pkg_apfw_version = 9.0.001
    DEBUG Aug 25 10:00:55 [18048]: --pkg_apfw_cv = 1.00
    DEBUG Aug 25 10:00:55 [18048]: --pkg_waf_version = 1.0.0006
    DEBUG Aug 25 10:00:55 [18048]: --pkg_waf_cv = 1.00
    DEBUG Aug 25 10:00:55 [18048]: --pkg_sslvpn_version = 1.0.007
    DEBUG Aug 25 10:00:55 [18048]: --pkg_sslvpn_cv = 1.00
    DEBUG Aug 25 10:00:55 [18048]: --pkg_clientauth_version = 1.0.0008
    DEBUG Aug 25 10:00:55 [18048]: --pkg_clientauth_cv = 2.00
    DEBUG Aug 25 10:00:55 [18048]: --pkg_redfw_version = 2.0.008
    DEBUG Aug 25 10:00:55 [18048]: --pkg_redfw_cv = 2.00
    DEBUG Aug 25 10:00:55 [18048]: Added new server : Host - eu-west-1.u2d.sopho
    s.com., Port - 443
    DEBUG Aug 25 10:00:55 [18048]: Added new server : Host - us-west-2.u2d.sopho
    s.com., Port - 443
    DEBUG Aug 25 10:00:55 [18048]: Added new server : Host - ap-northeast-1.u2d.
    sophos.com., Port - 443
    DEBUG Aug 25 10:00:55 [18048]: Final query string is :
    ?&serialkey=                            &deviceid=cfe24d65-10f7-4a9a-9c6d-6182f3e3919f&fwvers
    ion=16.05.7.305&productcode=CN&appmodel=SF01V&appvendor=SO01&useragent=SF&oem=&p
    kg_ips_version=3.13.89&pkg_ips_cv=12.0&pkg_atp_version=1.0.0156&pkg_atp_cv=1.00&
    pkg_savi_version=1.0.11406&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1
    .0.20419&pkg_avira_patch=2&pkg_avira_cv=1.00&pkg_clientauth_version=1.0.0008&pkg
    _clientauth_cv=2.00&pkg_apfw_version=9.0.001&pkg_apfw_cv=1.00&pkg_redfw_version=
    2.0.008&pkg_redfw_cv=2.00&pkg_waf_version=1.0.0006&pkg_waf_cv=1.00&pkg_sslvpn_ve
    rsion=1.0.007&pkg_sslvpn_cv=1.00
    DEBUG Aug 25 10:00:55 [18048]: Response code : 200
    DEBUG Aug 25 10:00:55 [18048]: Response body :
    <Up2Date/>

    DEBUG Aug 25 10:00:55 [18048]: Response length : 11

     

     

  • In reply to Andrea Clemente:

    Hi, I have the same problem [SG115w with XG on board]. After applying MR7 I receive messages, but my mails won't go to recipients.

    Any ideas how to fix it without roll back to MR6?

  • In reply to Aditya Patel:

    we need a solution/workaround.

    Thanks

  • In reply to MichaelBolton:

    For what its worth, I am running the home version SFOS, software version, just updated to MR7 and the IPS patterns updated to 3.13.89 ok for me.  I have not yet updated my XG210 appliance.

  • MY status?

    IPS and Application signatures
    3.13.89
    -
    11:42:22, Aug 24 2017
    Downloading...

    Since the upgrade.

    Houston, we have a problem.

    Regards,

     

     

  • In reply to Luiz Mauricio Barcelos daSilva1:

    Luiz,

    On my home XG same behavior and then it failed after some hours.

  • In reply to lferrara:

    Hi,

    my IPS is still downloading the update.

    My daily reports (3) have not arrived yet. They are generated at approx 1am.

    Ian

     

    Update:- restarted the XG, the missing reports appeared and the downloading IPS pattern is now showing failed. I have tried manually initiating a download (update) but the IPS still shows failed.

    Ian

  • Two other appliances updated fine the IPS. No problem with them.

    Regards,

  • In reply to rfcat_vk:

    Ian,

    just want to confirm that my daily reports have 2 hours of delay. test email from reporting sends email correctly (in time).

  • In reply to lferrara:

    Hi All,

    MR7 also does not download other patterns, such as AV. After many hours, the "download" state, and the new automatic pattern download sessions do not start.

    So we have a problem with MR7.
    When the time comes that new firmware version will not break anything ??

    Regarsd
    Jan

  • In reply to JanSadlik:

    Hi All

    With MR7 only receiving of mail is not working as well as IPS Update is not working.  Log viewer also does not show Email logs. While rolled back to MR6 ,Every thing is OK except IPS is not updating.

    IPS and Application signatures
    3.13.89
    -
    19:49:29, Aug 24 2017
    Failed

    I fell that for last  couple of Releases  such as  MR4 and MR5 DNS was breaking on VPN. Team need to take rigorous testing and then only release Major Release.

    I will appreciate quick resolution  for MR7  as it contains major vulnerability fix

    BR

    Vishvas