Hi Everyone,

We've just released 9.407 to the Up2Date servers. This is a full GA release, meaning that all running firewalls will be offered the automatic update.


  • Maintenance Release


  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade


  • NUTM-4079 [AWS] DNS Resolver too slow for ELBs
  • NUTM-3885 [Access & Identity] [RED] RED50 reconnecting every 30 minutes
  • NUTM-4502 [Access & Identity] [RED] reactivating RED management causes problem with provisioning server
  • NUTM-4749 [Access & Identity] [RED] interface default routes are not written
  • NUTM-4832 [Access & Identity] 9.404 SSL site-to-site VPN client is not compatible with older UTM versions
  • NUTM-4870 [Access & Identity] STAS: Packetfilter rule is written too late when enabling the feature
  • NUTM-4875 [Access & Identity] 9.404 SSL site-to-site VPN doesn't work with static IP setting
  • NUTM-4881 [Access & Identity] IPsec remote access xauth fails with "could not find cache entry"
  • NUTM-4918 [Access & Identity] HTML5 VPN: Portuguese (Brazil) keyboard doesn't appear to support special characters
  • NUTM-4974 [Access & Identity] UTM unable to connect to support tunnel
  • NUTM-4981 [Access & Identity] [RED] RED management can't be reactivated after a Backup / Restore
  • NUTM-4987 [Access & Identity] 9.404 SSL site-to-site VPN client compatibility to older openvpn versions
  • NUTM-5004 [Access & Identity] [RED] misleading peer status send
  • NUTM-4941 [Basesystem] NTP Vulnerability
  • NUTM-5132 [Basesystem] Disable weak ciphers for webadmin
  • NUTM-3180 [Confd] IP Address change was not applied properly to the interface
  • NUTM-4346 [Documentation] Enhance documentation regarding unencrypted SSO AD password in printable configuration
  • NUTM-3225 [Email] JSON error when accessing Data Loss Prevention Tab and SMTP Profiles
  • NUTM-3483 [Email] Missing/incomplete logging for sandstorm in SMTP proxy
  • NUTM-3505 [Email] MIME type blacklist can be bypassed if another file is whitelisted
  • NUTM-3666 [Email] Mail log in user portal is case-sensitive
  • NUTM-3667 [Email] RAR and XLSX files causing Scanner timeout or deadlock - moving to error queue
  • NUTM-4331 [Email] Implement more error handling in QMGR for error cases
  • NUTM-4874 [Email] SMTP proxy can't be disabled when upgrading from 9.31x
  • NUTM-5228 [Email] change LogLevel in httpd-spx-reply.conf to warn
  • NUTM-5355 [Email] Increase AV Scanner timeout to 60 seconds
  • NUTM-2768 [HA/Cluster] 36307: Postgres can't be started on Slave / rsync error: error in socket IO (code 10) at clientserver.c(122) [receiver=3.0.4]
  • NUTM-4894 [Logging] Fallback log on slave node is filling up the partition
  • NUTM-1954 [Network] 35457: Amazon vpc gets imported but quagga doesn't start
  • NUTM-3092 [Network] snmp does not work: because 10G modules query of link status timeout if no GBIC is plugged
  • NUTM-3115 [Network] AFC misclassifying HTTPS connections as 'OpenVPN'
  • NUTM-3157 [Network] [INFO-152] Network Monitor not running - restarted
  • NUTM-3229 [Network] IPv6 over transparent proxy
  • NUTM-3247 [Network] Spam Filter cannot query database servers from Slave if a block all AFC rule exists
  • NUTM-4037 [Network] Update kernel to 3.12.58
  • NUTM-4992 [Network] Unitymedia / KabelBW customer getting always the MTU 576
  • NUTM-4885 [Reporting] SSL VPN reporting shows no user with a "#" sign in the username
  • NUTM-4593 [Sandboxd] Constant error when inserting record into sandstorm transactionlog table
  • NUTM-5128 [Virtualization] Incorrect interface order on HyperV
  • NUTM-4868 [WAF] WAF service restart issue (segmentation fault in mod_avscan)
  • NUTM-5266 [WAF] Form auth default template login not possible with chrome and FF
  • NUTM-4916 [WebAdmin] User portal: add Windows 10 to list of supported OSs for SSL VPN
  • NUTM-2447 [Web] 36231: HTTP proxy policy matching with backend groups is sometimes not working
  • NUTM-4525 [Web] Handle ha zeroconf for sandbox_reportd
  • NUTM-4806 [Web] postgres[xxxxx]: [x-x] STATEMENT: INSERT INTO TransactionLog
  • NUTM-4877 [Web] segfault after installing ep-httpproxy-9.40-319.g32fa996.i686.rpm
  • NUTM-4127 [WiFi] MAC filter whitelist does not work after editing the MAC Address List
  • NUTM-4451 [WiFi] Mesh AP doesn't connect after deleting the AP from webadmin
  • NUTM-4913 [WiFi] Hotspot voucher QR code pointing to IP address instead of configured host name
  • NUTM-5032 [WiFi] 'STA WPA Failure' messages not appearing in wireless log

Firmware Updates:

From 9.406:


Size: ~165M

MD5: b355872857f1c42588a30816adb1ade6

  • There is a known bug in v9.407 wherein the SMTP daemon will scan an email and check the recipients in To, CC and BCC, but if it finds more than one recipient with the same email, it removes all extra copies of that recipient but does not reduce the recipient count. Then the next part of the engine scans the email and sees, for instance, 5 recipients when there is a marker for there to be 6, and classes the email as corrupt.

  • Since the firmware update to 9.407, AP30 rev2 cannot be provisioned anymore... with another appliance with 9.405 on it... everything is fine... BUG?