Hi Everyone,

We've just released 9.409 to the Up2Date servers. This is a full GA release, meaning that all firewall running will be offered the automatic update.

Up2Date Information (9.408-4 to 9.409-9)


  • Maintenance Release


  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade


  • NUTM-2392 [AWS] Allow the user to select the security group to port during conversion
  • NUTM-5327 [AWS] Confd object missing after instance recovery in HA scenario
  • NUTM-5339 [AWS] [RESTD] allow unauthenticated access from localhost
  • NUTM-5466 [AWS] ssh disabled - No connection to stack instances
  • NUTM-5882 [AWS] Logging & Reporting overview does not show any information
  • NUTM-5901 [AWS] [RESTD] Improve webadmin UI and documentation
  • NUTM-5981 [AWS] Conversion feature always converts to BYOL
  • NUTM-6013 [AWS] Fix communication issue with S3
  • NUTM-5110 [Access & Identity] Since version 9.404 L2TP with Android doesn't work
  • NUTM-5562 [Access & Identity] UTM to UTM RED Tunnel doesn't work anymore after only TLS 1.2 is allowed
  • NUTM-5674 [Access & Identity] REDs offline after HA takeover - 'RED is not bound to this system, disabling device'
  • NUTM-5840 [Access & Identity] 3G to WAN failover on RED15/RED50 does not work
  • NUTM-5661 [Basesystem] quagga security update (CVE-2016-1245)
  • NUTM-5701 [Basesystem] named fails to start after invalid host record
  • NUTM-5779 [Basesystem] bind security update (CVE-2016-8864)
  • NUTM-5769 [Confd] Configd error Datatype.pm line 319
  • NUTM-5787 [Confd] Bridge can't be converted back to ethernet if only red interfaces are used
  • NUTM-5997 [Localization] Japanese translation error if using a string longer than 64 bytes as common_name
  • NUTM-5533 [Network] 'Block invalid packets' option doesn't block invalid packets
  • NUTM-5595 [Network] SIP Helper behavior clarification in 'Any' expectation mode
  • NUTM-5513 [Reporting] RRD reporting doesn't show the warnings and alerts of the slave nodes in cluster setups
  • NUTM-5655 [Reporting] Wrong count on websecvisits data
  • NUTM-5792 [WAF] WAF coredump'ed after regular session cleanup
  • NUTM-5856 [WAF] Special characters are encoded when HTML rewrite is enabled
  • NUTM-5075 [WebAdmin] User test is not working with LDAP special characters in Base DN
  • NUTM-5317 [WebAdmin] Persistent cookie for user portal working only once
  • NUTM-5761 [WebAdmin] Translation in Webadmin is not consistent (web protection)
  • NUTM-5811 [WebAdmin] Misleading default QoS interface downlink/uplink values
  • NUTM-5888 [WebAdmin] Since v9.408 Authentication Server test fails after first creation
  • NUTM-5963 [Web] Sandstorm not delivering Emails files from "Scan Pending" state
  • NUTM-5303 [WiFi] Characters in Hotspot terms of use not encoded correctly
  • NUTM-5876 [WiFi] User field is blank on login at Hotspot with voucher
  • NUTM-6128 [WiFi] FollowUp-NUTM-5303 - Characters in Hotspot terms of use not encoded correctly 


Up2Date Information (9.409-8 to 9.409-9)


  • Hotfix Release
  • Previous 9.409 Up2Date could fail to apply on UTMs that were installed with 9.406 or older


Firmware Update:

From 9.408-4:

DL: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.408004-409009.tgz.gpg

MD5: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.408004-409009.tgz.gpg.md5

Size: ~177M

From 9.409-8:

DL: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.409008-409009.tgz.gpg

MD5: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.409008-409009.tgz.gpg.md5

Size: ~135K