Related
Recommended
AlanT

Hi Everyone, 

We've just released 9.401 to the Up2date servers. This is a staged GA release, meaning that not every firewall running 9.355 will be offered the automatic update initially, but the number of firewalls being offered the update will be increased gradually, until a full GA is reached. 

New Features

Sandboxing for SMTP and Web

  • Most next-generation sandboxing solutions designed to identify unknown malware are too complex and expensive for most businesses like yours to even consider. That’s why we’ve developed Sophos Sandstorm, a new subscription option that gives you an advanced malware defence solution that’s effective and affordable. Sandstorm is a cloud-based sandbox solution that provides targeted attack protection, visibility and analysis that rises above the competition.
  • Sandboxing allows to enforce rules about sending items the users download to a sandboxing service before they get access to them so that the organization has protection against emerging threats that are not recognized by malware or URL scanning. Furthermore, it is possible to enforce rules about sending suspicious email attachments to a sandboxing service before the message containing them gets delivered so that the organization has protection against emerging threats that are not recognized by malware scanning

Clientless SSO (STAS) 

  • Sophos Transparent Authentication Suite (STAS) provides reliable transparent SSO authentication for network users, without requiring a client on the endpoint. STAS employs an agent on the Microsoft Active Directory Server that monitors and stores authentication activity and exchanges authentication information with the Sophos UTM, making user-based policy rules and enforcement easy.

IPv6 Support for SSL VPN

  • IPv6 SSL VPN Support adds much requested support for IPv6 VPN connectivity with Sophos UTM.

Support for new RED15w

  • RED 15w adds integrated wireless to the new RED 15 with a single radio supporting 802.11n 2×2:2 MIMO.  Expected availability is March 2016.

Support for new 4x10G FP 1U network module

  • 4x10G SFP+ Flexi-Port Module for the 1U SG Series models brings a whole new level of flexible connectivity and performance with four port support for a variety of optical or electrical transceivers. Expected availability is March 2016.

WAF persistent session cookies

  • WAF Persistent Session Cookies improve the user experience when interacting with business applications protected by the Sophos UTM, reducing repeated sign-in prompts.

Remarks

  • System will be rebooted
  • Connected Wifi APs will perform firmware upgrade

Bugfixes from 9.355

  • 33322 Duplicate Mails fetched while prefetching and Spamfilter is active
  • 35285 repctl fails to start on slave node - can't use string ("reporting") as a HASH ref
  • 35446 Problems with OpenVPN v2.3.0 and Win8 when client awake from sleep or hibernation mode
  • 35474 AD group cache still contains obsolete group information after update_ad_bg_members.plx is executed
  • 35606 French keyboard layout not detected in HTML5 portal RDP connections
  • 35785 ctasd still segfaults after applying fix from 34581
  • 35809 Group membership is not updated when prefetching backend users
  • 35814 UTM doesn't respond to arp requests after HA gets disabled
  • 35824 Successfully installed EP client is not visible in the EPP overview of the webadmin
  • 35969 Sometimes logging is inconsistent if a user is connected via hotspot
  • 36025 Cisco VPN remote access: XAUTH credentials and certificate can be from different users
  • 36079 RED Management can't be enabled if the organisation name includes umlauts
  • 36159 High CPU load from confd caused by overflow on RED devices
  • 36161 HTTP Proxy: fix memory leak and log format for proceed page logging
  • 36190 WAF - High swap usage caused by reverse proxy
  • 36218 HTTP Proxy: segfault when configuration changes rapidly
  • 36225 HTML5 portal RDP session to Windows 8.1 doesn't work
  • 36278 Increase maximum number of access points (APs)
  • 36303 USB deployed RED10 devices loose their static wan config
  • 36312 RED15 responds to public DNS requests
  • 36345 Confd error when configuring certificate for HTTP Proxy end-user pages
  • 36373 WAF - Reverse authentication: AH01627: AuthType configured with no corresponding authorization directives
  • 36383 glibc security update (CVE-2015-7547) [9.4]
  • 36385 cssd doesn't reload for avira pattern updates with u2d-avira-xvdf

Bugfixes from 9.400

  • NUTM-3484 [Email] SMTP Proxy does not start after update to 9.4 after takeover 
  • NUTM-3340 [Network] ATP alerts can be caused by external UDP DNS traffic (can lead to massive amounts of ATP alerts) 
  • NUTM-3365 [Web] Filename is not preserved for sandboxed file if Content-Disposition header is missing 
  • NUTM-3355 [WiFi] VLAN Fallback mechanism broken since 9.4
  • NUTM-3437 [WiFi] Mesh broken on AP50 after upgrade to 9.4 SR

 

From 9.355

From 9.400

Up2Date Installation

Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version.
There are two ways to apply an already-downloaded Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management > Up2Date > Overview and use "Update to latest version now" to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management > Up2Date > Advanced.

If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our user community forums. Please indicate the version you are using to help us (and everyone helping you).

Feedback

  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
  • You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!
  • If you have any questions or comments regarding this release, please see our online forums for more information.

Alan Toews
Technical Product Manager

Unfiltered HTML