We are in the final stages of preparing an update to the IPS engine used by SG UTM. We are upgrading to version 2.9.17 of Snort and are offering early access to the new release for customers who would like to try it out immediately.
Updates to the Snort IPS Engine are delivered as part of your up2date pattern packages. This ensures that you get updates to IPS detection even if you are still running an older UTM firmware image. It means that we can continue to efficiently deliver a single set of signatures to all our customers.
We always perform extensive internal tests on new versions of the Snort engine before we roll them out. This version is no exception to that.
However, since version 2.9.17 of Snort introduces changes in more sensitive areas than previous updates did, we have decided to stage the rollout of the new engine. It will still be delivered via up2date, but for a time it will be delivered alongside the old engine. UTMs will be automatically switched over to the new engine in stages over the coming weeks, so that we can quickly respond to any unforeseen issues.
September 16, 2021: New engine included in up2date pattern packages, available for testing but not enabled by default
September 21, 2021: New engine enabled selectively for some UTMs
September 28 onward: Gradual increase in the number of UTMs using the new engine
We aim to complete the rollout for all devices in early October.
Customers running version 9.707 of the UTM firmware can choose to switch to the new engine immediately. If you would like to do this, please contact Sophos support.
Can this new Snort version use multiple CPU cores?
Snort supports this feature in 3.0. UTM with the new version will use 2.9.17.
So is 3.0 on the roadmap for UTM?
And, why not just get to 3.0 instead of baby-stepping this?