We are in the final stages of preparing an update to the IPS engine used by SG UTM. We are upgrading to version 2.9.17 of Snort and are offering early access to the new release for customers who would like to try it out immediately.

Updates to the Snort IPS Engine are delivered as part of your up2date pattern packages. This ensures that you get updates to IPS detection even if you are still running an older UTM firmware image. It means that we can continue to efficiently deliver a single set of signatures to all our customers.

We always perform extensive internal tests on new versions of the Snort engine before we roll them out. This version is no exception to that.

However, since version 2.9.17 of Snort introduces changes in more sensitive areas than with previous updates, we have decided to stage the rollout of the new engine. It will still be delivered via up2date, but it will be delivered alongside the old engine for a time. UTMs will be automatically switched over to the new engine in stages over the coming weeks, so that we can quickly respond to any unforeseen issues.

Timeline for rollout

September 16, 2021: New engine included in up2date pattern packages, available for testing but not enabled by default

September 21, 2021: New engine enabled selectively for some UTMs

September 28 onward: Gradual increase in the number of UTMs using the new engine

We aim to complete the rollout for all devices in early October.

Early access 

Customers running version 9.707 of the UTM firmware can choose to switch to the new engine immediately. If you would like to do this, please contact Sophos support.

Parents
  • Hello Rich,

    this is good news!

    However, you write to "contact Sophos support"...

    Have you had a chance to "contact" them in the last time? This is nothing but a bad experience, won't do that, if I am not forced to!

    We could just wait for the up2date-packages, that's far more reliable and faster, hopefully I see them in the FTP directory soon.

Comment
  • Hello Rich,

    this is good news!

    However, you write to "contact Sophos support"...

    Have you had a chance to "contact" them in the last time? This is nothing but a bad experience, won't do that, if I am not forced to!

    We could just wait for the up2date-packages, that's far more reliable and faster, hopefully I see them in the FTP directory soon.

Children
No Data