Today we've released UTM 9.508. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.
As part of UTM 9.508, the wireless firmware is updated to 11.0.003.
"The issue you described may not be related to updating to 9.508. It could be due to re-imaging your UTM."
As I stated in my original comment:
"So yesterday I factory imaged 2 Sophos units to 9.5 and the bug was gone."
I was advised by Sophos Support that re-imaging using the ISO 9.5 was the best way to remove this bug.
They were right, re-imaging gets rid of this bug, I was very happy.
What made me very unhappy was updating from 9.502 to 9.508-10 re-introduced this bug.
What really upsets me is that this bug took me months to find as Sophos Support had no idea what was causing all my problems.
Until one clever person finally realised it was the MTU problem.
This was fixed in the 9.5 ISO, Sophos have now brought it back.
Please, for the sake of all our sanity, enable the MTU setting in the GUI!
Martin Murray I sent you a private message regarding your issue.
The issue you described may not be related to updating to 9.508. It could be due to re-imaging your UTM.
By default MTU auto discovery feature is enabled and if your ISP DHCP server broadcast a small MTU size you may run into the issue you described. Please see my message for further details on the issue,
The UTM 576 Bug is back :(
My first Sophos was plagued with problems, slow or non-existent loading of sites like the BBC, Google Maps or Reddit. It took months of emails, research and support tickets before we found the problem was an MTU setting.
The 9.4 series firmware introduced a bug where it would only allow whatever MTU your ISP sent. In many cases this was 576, however this caused the browsing problems described above.
I’ve been speaking with Sophos Support and they said this problem can be worked around in CLI or do a factory image of 9.5.
The first fix was to modify the backend via CLI to ignore the ISP MTU, this worked.
Once the WAN MTU was set to 1500 all the problems went away.
But I was advised re-imaging to 9.5 would fix the problem for good.
So yesterday I factory imaged 2 Sophos units to 9.5 and the bug was gone
Today I updated my test SG 135 to 9.508-10 and the bug has returned!
So now I have to refuse all future updates from the Factory ISO of 9.5, or presumably hack a workaround in CLI again?
What should I do?
Article community.sophos.com/.../131727 captured the information on how to deal with (optional) certificate regeneration.
Will all the s/mime certificates for email encryption automatically be regenerated?
If not- how to export a list with email encryption users and comments? And then how to import this list for automatically regenerate smime certificates?