Today we've released UTM 9.510. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.

Update: We replaced the update from 9.509 to 9.510 on our FTP server to address two issues. We also uploaded the update for all who have installed the previous one.

Up2Date Information 9.509 -> 9.510


  • Maintenance Release


  • System will be rebooted
  • Configuration will be upgraded
  • Connected APs will perform firmware upgrade
  • Connected REDs will perform firmware upgrade


  • NUTM-8273 [Basesystem] Inconsistent reporting data in hot standby environment
  • NUTM-9089 [Basesystem] ulogd restarting randomly
  • NUTM-9423 [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
  • NUTM-9516 [Basesystem] CVE-2017-3145: BIND vulnerability
  • NUTM-9764 [Basesystem] multiple NTP vulnerabilities
  • NUTM-9862 [Basesystem] CVE-2018-8897: Don ‘t use IST entry for #BP stack
  • NUTM-9944 [Basesystem]  ‘ethtool -p ‘ is not working for shared port
  • NUTM-9945 [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
  • NUTM-9286 [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
  • NUTM-9460 [Email] Quarantine unscannable and encrypted content not working as expected
  • NUTM-9539 [Email] SMTP callout with TLS does not work
  • NUTM-9627 [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
  • NUTM-9771 [Email] Redesign TFT detection to decrease false positives/negatives
  • NUTM-9836 [Email] HSTS usage breaks Quarantine Report release link
  • NUTM-10124 [Email] TLS Errors - renegotiation not allowed
  • NUTM-9789 [Logging] Not able to archive logs using SMB share
  • NUTM-8969 [Network] Inconsistent DHCP leases in WebAdmin
  • NUTM-9049 [Network] Cannot change IPv4 interface as IPv6 gateway is required
  • NUTM-9194 [Network] Static route switching to different VLAN
  • NUTM-9646 [Network] eth0 is falsely marked  “dead “ when running  “hs “ on slave
  • NUTM-9739 [Network] Network monitor restarting on slave nodes
  • NUTM-9795 [RED] RED50 issue with large packets in Transparent/Split mode
  • NUTM-9607 [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
  • NUTM-9624 [Reporting] WAF - Top attackers won ‘t be displayed after upgrade to v9.5
  • NUTM-10118 [Reporting] Authenticated Remote Code Execution in WebAdmin
  • NUTM-9719 [SUM] Web Protection service shown as down in SUM
  • NUTM-9547 [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
  • NUTM-9527 [WAF] Fix mod_url_hardening stack corruption
  • NUTM-8038 [WebAdmin] WebAdmin not available
  • NUTM-9232 [WebAdmin] Sometimes  ‘backend connection failed ‘ while login
  • NUTM-9529 [WebAdmin] Role with  ‘Web Protection Manager ‘ rights can ‘t access Aplication Control
  • NUTM-9689 [WebAdmin] Report Auditor role is unable to open the dashboard
  • NUTM-5293 [Web] Google is missed in the Search Engines reports
  • NUTM-6240 [Web] FTP download through HTTP Proxy in standard mode not possible
  • NUTM-9039 [Web] Connections may fail when using upstream proxies due to  “Proxy-Connection “ header being sent
  • NUTM-9399 [Web] Classification for Windows Updates differs between AFC and conntrack
  • NUTM-9413 [Web] Unable to upload certificate to  “Local Verification CAs “
  • NUTM-9491 [Web] HTTP Proxy coredumps with SIGABRT
  • NUTM-9549 [Web] Proceeding after content warning results in display issues on redirected pages
  • NUTM-9599 [Web] HTTP Proxy requests stuck without appropriate timeout
  • NUTM-9630 [Web] Fallback log flooded with samlogon cache timeout messages
  • NUTM-9664 [Web] Country blocking exception not working when HTTP Proxy is using SSO
  • NUTM-9720 [Web] Can ‘t proceed content warning for MIME types if URL contains spaces
  • NUTM-9745 [Web] HTTP Proxy coredumps with SIGSEGV
  • NUTM-7628 [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
  • NUTM-8946 [Wireless] APs displayed as inactive in WebAdmin while clients can connect
  • NUTM-9591 [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
  • NUTM-9592 [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
  • NUTM-9594 [Wireless] Incorrect channel information showing on overview for LocalWifi
  • NUTM-9608 [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
  • NUTM-9638 [Wireless] Both local WiFi AP named  ‘Local ‘
  • NUTM-9731 [Wireless] Not able to configure channel 12 and 13 on newer desktop models
  • NUTM-9735 [Wireless] Set default channel width to 40MHz for 5GHz band
  • NUTM-9737 [Wireless] SGw appliances missing frequency definitions for Nigeria


Up2Date Information 9.510-4 -> 9.510-5


  • Hotfix Release


  • System will be rebooted


  • NUTM-10124 [Email] TLS Errors - renegotiation not allowed
  • NUTM-10118 [Reporting] Authenticated Remote Code Execution in WebAdmin
  • NUTM-9735 will set the default channel width for factory reset device not after migration.

  • (NUTM-9735 [Wireless] Set default channel width to 40MHz for 5GHz band)  I've just applied the update manually but my APs are still using 80Mhz channel width.  Does anyone know if we have to remove and re-add the APs for them to pick up the change?

  • Hi,

    @ LoveUTM: you are right, I noticed today, that only older reports have those broken links, the newly generated can be used without any problem.

    So let's declare this as "half-solved". I mean: ok, it works without flaw in future, but the old reports should have worked as well. Without manually putting "https://" in the  browser ...

  • Hi jprusch

    Could see NUTM-9836 is fixed, which coverts https links in to https links in quarantine report. New reports should get the https links. However in order to use the links from older reports, manually converting the link to https should work.  Which worked for me !

  • smtp proxy with callout verification is broken with as noted in the thread twister5800 linked to.  I see a lot of errors especially with and even other UTM 9.510 smtp proxy servers.

    (renegotiation not allowed)