Hi Everyone,

Today we've released UTM 9.506. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.


Up2Date Information


  • Maintenance Release


  • System will be rebooted
  • Connected APs will perform firmware upgrade
  • Connected REDs will perform firmware upgrade


  • NUTM-8651 [AWS] AWS Permission for "Import Via Amazon Credentials"

  • NUTM-7678 [Access & Identity] Pluto dies with coredump at L2TP connections

  • NUTM-8211 [Access & Identity] SSL VPN connection issue with prefetched AD groups

  • NUTM-8756 [Access & Identity] AUA debug log contains plain text passwords

  • NUTM-8889 [Access & Identity] ESPdump with algorithm GCM does not work

  • NUTM-8912 [Access & Identity] HTML5 VPN: keyboard input not working on Android devices

  • NUTM-7670 [Basesystem] Update to BIND 9.10.6

  • NUTM-8427 [Basesystem] postgres[xxxxx]: [x-x] FATAL:  could not create shared memory segment: No space left on device

  • NUTM-8769 [Basesystem] Small models of  SG105 / SG115 / SG125 / SG135 take over 5 minutes to accept network connection

  • NUTM-9063 [Configuration Management] Regenerating the Web Proxy CA breaks all SSL VPN clients

  • NUTM-8313 [Email] POP3 Proxy generate core dumps in versions v9.414 and v9.501

  • NUTM-8509 [Email] Remove 3DES and SHA1 from SMIME

  • NUTM-8645 [Email] MIME Type Detection 9.5

  • NUTM-9061 [Email] User cannot open the SMTP Routing tab

  • NUTM-8419 [Logging] "Search Log Files" has different search result in spite of same time frame

  • NUTM-8783 [Logging] SMBv1 still required for remote logging to a smb share

  • NUTM-8341 [Network] Network monitor core dump

  • NUTM-8685 [Network] Some clients display an "Unknown" vendor on the wireless client list

  • NUTM-8738 [Network] Error messages in fallback log about damaged static routes

  • NUTM-8838 [Network] Watchdog consumes constantly 100% CPU

  • NUTM-7396 [RED] UTM RED kernel log shows "seq invalid" messages

  • NUTM-6968 [REST API] Insert REFs of new objects into single REF node

  • NUTM-7981 [Reporting] WAF-reporter logs irrelevant information

  • NUTM-8359 [Reporting] SMTP log on Mail Manager is empty after upgrading postgres to 64bit

  • NUTM-7802 [Sandboxd] If using a ' character in the email address, postgres is not able to insert this to the TransactionLog (Sandbox)

  • NUTM-8715 [UI Framework] Unable to access "Manage Computers" page

  • NUTM-8061 [WAF] WAF still reporting virus found when AV engine on the UTM is updating

  • NUTM-8751 [WAF] Newly created web server listens on the slave node instead of the master node

  • NUTM-8806 [WAF] Issue with TLS settings for virtual webserver

  • NUTM-8861 [WAF] Leftover of shm files cause a WAF restart loop

  • NUTM-5964 [WebAdmin] Support Access: WebAdmin not properly displayed after login via APU

  • NUTM-8512 [WebAdmin] Can't use string ("0") as a HASH ref while "strict refs" in use at /wfe/asg/modules/asg_ca.pmline 1105

  • NUTM-8571 [WebAdmin] User with only "Report Auditor" rights receives strict refs error after login into WebAdmin

  • NUTM-8807 [WebAdmin] External link to Sophos UTM Knowledge Base is not correct

  • NUTM-8871 [WebAdmin] Year of Single Time Events cannot be later than 2019

  • NUTM-7994 [Web] Customized templates do not allow to accept quota and access site

  • NUTM-8037 [Web] HA: Low disk space alert from slave

  • NUTM-8107 [Web] CONFD.PLX is taking high CPU load

  • NUTM-8502 [Web] HTTP Proxy coredumps with CentralFreeList in v9.413

  • NUTM-8687 [Web] Segfault and coredump from HTTP proxy

  • NUTM-8691 [Web] Certificate error on accessing sites with https scanning enabled

  • NUTM-8752 [Web] NTLM Issue with AD SSO in Transparent Mode

  • NUTM-8771 [Web] Wrong country showing up in Web proxy requests

  • NUTM-8826 [Web] Teamviewer via Standard Mode with AD-SSO not possible since v9.502

  • NUTM-8834 [Web] iOS11 user agent string is not detected as iOS

  • NUTM-8849 [Web] Can't download Traveler_90119_Win.zip with HTTP proxy in Transparent Mode

  • NUTM-3129 [Wireless] SG125w failed to create interface wifi0: -23 (Too many open files in system)

  • NUTM-4720 [Wireless] Issues with 2.4 GHz channel 12 and 13 / inconsistent channel availibility / AWE_DEVICE_CHANNEL_INVALID

  • NUTM-8288 [Wireless] Roaming issues with iPhone7 and RADIUS authentication

  • NUTM-8391 [Wireless] AP55C/AP100X disconnecting from UTM repeatedly

  • is the AD SSO Issue sorted?  Its like Russian roulette every time you do an update!

  • NB Further to the above notes, I should add that:

    -The ISP assigned IP address changes at every re-connection (I do not have a static public IP address).

    -I am a home user running Sophos UTM on a J1900 based fanless PC (Alibaba sourced 'industrial router')

    -It worked after the initial post-update reboot (and the stream was publicly accessible) but I had to again reboot (due to mains power re-arrangement requirement) and that's when the above issues started to occur.

    I wonder if this could be vaguely related to KIL issue NUTML-11909 (Cable Modem: every renew of the ip address adds a new ip address to the dhcp interface) but I didn't see any evidence of multiple WAN addresses (or anything in the additional addresses list)?

  • Hi

    I am not sure if this is a bug (it could be the update reacting to a misconfiguration) but it just occurred right after the above update, so  I thought I'd better note it, just in case it is a genuine problem and someone wishes to investigate it:

    I've been using Sophos UTM with a Draytek V120 [PPPoE to PPPoA] modem to connect to ADSL. After the 9.506 update (just yesterday) I discovered that a DNAT rule wasn't working, and after quite some time investigating things, I noted that when looking at the interfaces, the WAN one was showing a different public IP address to the IP that had been assigned by my ISP. I tried a few enable/disable of the WAN interface (and reboots of the UTM) and it the IP shown in the WAN interface seemed to toggle between two different ones (neither were the one issued by the ISP, so perhaps previous ones, cached somewhere by Sophos UTM).

    I tried numerous things including setting up the WAN interface again (changing to Ethernet, then back to PPPoE and re-entering the ISP credentials), reverting to previous configurations, reverting to previous configurations and rebooting, but nothing fixed it (the shown address was different to the one issued) so to get around the problem, I have just swapped the V120 modem for an old router (with Sophos UTM in its DMZ) and changed the WAN interface back to a plain old Ethernet interface, so with the WAN now having a fixed address [internal range, but not from the ranges that I use LAN side] that has sorted the DNAT rule.

    Hope that is of some use or interest, but I will just leave it double-NATted for now and re-test after the next firmware update.



    Just before reverting to a double-NAT arrangement, I SSH'd into the unit and running ifconfig showed that no IP address against the WAN interface (whereas I am sure it used to show the ISP issued one).

    The DNAT rule is to permit public access to a R Pi running DarkIce and IceCast to stream audio from a microwave radio beacon receiver.