We are in the final stages of preparing an update to the IPS engine used by SG UTM. We are upgrading to version 2.9.17 of Snort and are offering early access to the new release for customers who would like to try it out immediately.

Updates to the Snort IPS Engine are delivered as part of your up2date pattern packages. This ensures that you get updates to IPS detection even if you are still running an older UTM firmware image. It means that we can continue to efficiently deliver a single set of signatures to all our customers.

We always perform extensive internal tests on new versions of the Snort engine before we roll them out. This version is no exception to that.

However, since version 2.9.17 of Snort introduces changes in more sensitive areas than previous updates did, we have decided to stage the rollout of the new engine. It will still be delivered via up2date, but it will be delivered alongside the old engine for a time. UTMs will be automatically switched over to the new engine in stages over the coming weeks, so that we can quickly respond to any unforeseen issues.

Timeline for rollout

September 16, 2021: New engine included in up2date pattern packages, available for testing but not enabled by default

September 21, 2021: New engine enabled selectively for some UTMs

September 28 onward: Gradual increase in the number of UTMs using the new engine

We aim to complete the rollout for all devices in early October.

Early access 

Customers running version 9.707 of the UTM firmware can choose to switch to the new engine immediately. If you would like to do this, please contact Sophos support.

  • This engine update, like all engine updates, is delivered in the pattern updates (I mistakenly referred to them as 'signature updates' in my original post).

    The pattern updates will deliver the new engine alongside the current engine for a time. The pattern updates will also include logic to decide which engine to activate as we go through the staging process. Support are able to modify individual devices to force this logic to get early access to the new engine.