Hi Everyone,

We've just released 9.405 to the Up2Date servers. This is a full GA release, meaning that all firewall running will be offered the automatic update.

News

  • Maintenance Release

Remarks

  • System will be rebooted

  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Bugfixes

  • NUTM-2840 [AWS] UTM ignores MTU sent by DHCP server
  • NUTM-3064 [AWS] Confd info shows wrong instance_role for ha warm&as
  • NUTM-4426 [AWS] Allow root login with SSH per default on AWS
  • NUTM-4516 [AWS] factory reset doesn't clean up completly on AWS
  • NUTM-1775 [Access & Identity] 35668: DHCP Broadcast over all RED LAN ports causing wrong IP address assignment
  • NUTM-4129 [Access & Identity] Update OpenSSL in SSLVPN client
  • NUTM-4216 [Access & Identity] STAS related argos coredumps in v9.403
  • NUTM-4258 [Access & Identity] RED15/RED50 standard / split doesn't work if the RED initiates the connection over 3G
  • NUTM-4263 [Access & Identity] [RED] DNS resolution stopped working for RED15 in transparent / split mode after updated to v9.4
  • NUTM-4332 [Access & Identity] Vulnerabilities after deploying RED
  • NUTM-4336 [Access & Identity] RED50 split DNS does not work properly in transparent split mode and static uplink
  • NUTM-4342 [Access & Identity] Since update to 9.4 SSL VPN remote access not working with client with more than one TAP adapter
  • NUTM-4387 [Access & Identity] WARN-070 notfication won't be send if "Drop packets from blocked hosts" is not used
  • NUTM-4390 [Access & Identity] STAS: User network objects are not working as expected in several conditions due to AUA cache bug
  • NUTM-4424 [Access & Identity] red_client fails to reconnect after HA takeover on server UTM
  • NUTM-4494 [Access & Identity] red15: logread debug output on usb stick is circular
  • NUTM-4499 [Access & Identity] [RED Provisioning] Disable RED if its not bound to UTM anymore to avoid push_config
  • NUTM-4527 [Access & Identity] Disable TLS compression in IO::Socket::SSL
  • NUTM-4612 [Access & Identity] Failover back from 3g fallback to WAN is not working
  • NUTM-4668 [Access & Identity] IPv6 AUTO_INPUT table empty after update to 9.404
  • NUTM-3174 [Basesystem, Network] It is not possible to start the webadmin GUI anymore
  • NUTM-1746 [Basesystem] "Allowed networks for SNMP queries are missing" pop up after first time enabling SNMP
  • NUTM-3580 [Basesystem] SNMPv2c traps contain wrong snmpTrapOID.0
  • NUTM-4576 [Basesystem] SNMP MIB: change descriptors to be standard conformant, add NOTIFICATION-GROUPs
  • NUTM-4645 [Confd, Email] character ">" or "<" for smarthost password will change to "<"
  • NUTM-4159 [Confd] name="FUNCTION_DENY (Zugriff verweigert beim Aufruf der Confd-Funktion 'trigger'.)
  • NUTM-3519 [Email] S/MIME AES256 encrypted mails cannot be decrypted
  • NUTM-3856 [Email] Update Sophos Outlook Add-in to 1.3.1
  • NUTM-3132 [HA/Cluster] Additional address - Assigned to Node feature not working like expected
  • NUTM-4661 [HA/Cluster] postgres database rebuild needs to trigger mdw and repctl
  • NUTM-1957 [Network] 28457: Name resolution not working on HA Slave if BGP is configured
  • NUTM-1959 [Network] 35541: IPFIX not working with SolarWinds
  • NUTM-3168 [Network] IRQd not running - restarted (Value too large for defined data type)
  • NUTM-3169 [Network] changing a bridge with enabled VLAN interface causes bridge to become disabled indefinitely
  • NUTM-3761 [Network] Software UTM fails to complete booting process after updating to version 9.4
  • NUTM-4026 [Network] MTU change on a VLAN interface leads to MTU change of the real interface
  • NUTM-3304 [Release Management] nic-naming: Provide a fix for delayed 210r2 software support
  • NUTM-4660 [Release Management] HyperV u2d hook for NUTM-3028 was not included in 9.404
  • NUTM-2059 [WAF] Multi-threading race condition causes "AH01842: decrypt session failed, wrong passphrase?" errors
  • NUTM-4122 [WAF] Issue with URL hardening
  • NUTM-4362 [WAF] Creating AUTO_OUTPUT rules for all real webserver IPs in autoscaling group fails
  • NUTM-4385 [WAF] Webserver Protection reporting doesn't work / no entries for WAF in reporting database
  • NUTM-4582 [WebAdmin] Unable to select the WAN interface with the initial setup wizard of v9.4xx
  • NUTM-2418 [Web] HTTP proxy core dump on confd
  • NUTM-3110 [Web] Proceed button not working when authentication is set to browser for warn pages
  • NUTM-3404 [Web] Unable to load YouTube when YouTube for schools is enabled
  • NUTM-3485 [Web] HTTP Proxy profile matching doesn't work for DNS groups which contain IPv6 addresses
  • NUTM-3920 [Web] Sandbox: cleaning up old data in TransactionLog on slave nodes raises postgres errors
  • NUTM-4053 [Web] Unknown repeatingly log line: 2016:05:09-08:46:47 utm-1 [user:notice] "
  • NUTM-4141 [Web] sandboxd should use upstream proxy
  • NUTM-4295 [Web] STAS is not working as expected together with httproxy
  • NUTM-4381 [Web] Malicious file with patience page does not give -3 message in http.log
  • NUTM-4412 [Web] Policies tab under Web Procetion -> Web Filtering won't be displayed correctly
  • NUTM-4152 [WiFi] RED15w not broadcasting TKIP networks
  • NUTM-4190 [WiFi] SMC MAC filters aren't applied by local wifi
  • NUTM-4425 [WiFi] awed unable to process connections timely
  • NUTM-4596 [WiFi] Awed leak sockets leads to no more AP's are accepted

Firmware Updates:

From 9.404:

DLftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.404005-405005.tgz.gpg

Size: ~162M

MD5: eb09fc0c40b38211a4702cedd590f6c2