Hi Everyone,

We've just released 9.408 to the Up2Date servers. This is a full GA release, meaning that all running firewalls will be offered the automatic update.


  • Maintenance Release


  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade


  • NUTM-5349 [AWS] Restore fails if UTM is created with backup file in user data
  • NUTM-5466 [AWS] ssh disabled - No connection to stack instances
  • NUTM-5546 [AWS] UTM Cloud Update does not work in GovCloud
  • NUTM-5654 [AWS] Conversion should not be visible for HA and AS
  • NUTM-3203 [Access & Identity] [RED] If creation of RED device fails, certificates are not deleted
  • NUTM-4948 [Access & Identity] [RED] Enabling wireless on RED15w causes 'link down'
  • NUTM-5068 [Access & Identity] [RED] TCP Vulnerability (CVE-2016-5696)
  • NUTM-5173 [Basesystem] Memory (swap) leak in RAID monitor
  • NUTM-5407 [Basesystem] OpenSSL security update (1.0.1u)
  • NUTM-5461 [Basesystem] BIND Security update (CVE-2016-2776)
  • NUTM-5714 [Basesystem] CVE-2016-5195 - Linux Kernel - Dirty Cow
  • NUTM-3042 [Configuration Management] Advanced Threat Protection page error when login as Network Protection Auditor
  • NUTM-4215 [Documentation, Email] POP3 Proxy reporting source IP of
  • NUTM-4840 [Email] Email is automatically released after timeout from Sandstorm
  • NUTM-5285 [Email] SMTP file extension filter is case sensitive
  • NUTM-5599 [Email] Mails with the same recipient set twice lead to corrupt mail queue
  • NUTM-4938 [Endpoint] Customers who expand their EP license do not get EP Protection enabled
  • NUTM-5049 [Endpoint] Liveconnect Connectivity Issue
  • NUTM-4400 [HA/Cluster] pg_ctl: PID file "/var/storage/pgsql92/data/postmaster.pid" does not exist
  • NUTM-3158 [Kernel] Kernel freeze when running Web Proxy in full transparent mode
  • NUTM-3490 [Network] Ethernet Bridge with dynamic IP loses connectivity after IP renewal
  • NUTM-4592 [Network] OSPF: SSL VPN route injection still not working in 9.404
  • NUTM-5147 [Network] Kernel panic on several SG135 - Kernel Fixes
  • NUTM-5542 [SUM] Availability Group is unresolved after it was re-deployed without a real change
  • NUTM-5207 [Sandboxd] Sandbox error when downloading a file with an umlaut in file name
  • NUTM-5209 [Sandboxd] sandboxd is unable to open database file due to wrong ownership
  • NUTM-4816 [Up2Date] Up2Date downloader logs errors in uplink balancing setups
  • NUTM-488 [Virtualization] Fix unstable NIC ordering on VMWare
  • NUTM-5334 [WebAdmin] Authenticated users might gain access to stored passwords (CVE-2016-7397, CVE-2016-7442)
  • NUTM-4167 [Web] Web Protection Reporting filtered by departments doesn't provide all data
  • NUTM-4806 [Web] sandboxd is unable to insert into TransactionLog on HA setup
  • NUTM-4876 [Web] URL request to parent proxy seems to be sent as http request instead of https
  • NUTM-5136 [Web] Web proxy in transparent mode removes authentication header
  • NUTM-5082 [WiFi] IPSec traffic is not routed properly if the client is connected over Hotspot
  • NUTM-5303 [WiFi] Characters in Hotspot terms of use not encoded correctly

Firmware Update:

From 9.407:

DL: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.407003-408004.tgz.gpg

Size: ~97M

MD5: 29c7c7f2c5892a8ee929e7474978700c

  • Hi,

    this update breaks my VM too. 4 out of 5 network interfaces are accessible, but in the wrong order. The 5th won't be recognized by the UTM.

  • Error: Server exists and accepts connections, but bind to ldap://xxx.xxx.xxx.xxx:389 failed with this Bind DN and Password


  • My case is the same as that of Benjamin Griese, upgrading to 9.408-4 has broken SSL VPN for me, again. I have tried removing my sslvpn profiles then stopping the service through webadmin and restarting and recreating the profile, no luck. I have updated the SSL VPN client, still no luck. Not updating my production system yet.

  • TobiasKratz: We are on UTM Version 9.408-4 and do not have any problems with SSO or Remote SSL VPN.

    Here is the original answer from Sophos support to our support case about the "Authentication Server Bind DN Password" issue with UTM Version 9.408-4:


    1: This was reported to us in version 9.408-4 which is why we are just discovering this now.

    2: It is only a problem with the testing functionality and the actual authentication service is not affected


  • Anybody who can confirm that SSO is still working with the newest update? What about Remote SSL VPN? Anyone else who has these problems? Still not sure if I should install in production environments.