Hi Everyone,
Today we've started to release UTM 9.600. The release will be rolled out in phases.
Better performance and protection
Generate and renew Let’s Encrypt certificates from within UTM
Generated certificates can be used in all UTM components
Better 3G/4G Support
Allows an admin to upload a file for detonation within Sophos Sandstorm
Files that have not been received via email or web download can also be analyzed with Sophos Sandstorm
Reporting for Sandstorm Activity over time and with historic information
Reporting also covering hash lookup based results from Sophos Sandstorm
Submission Port support in SMTP Proxy
Configurable Listen Address in SMTP Proxy
Custom themes for all error pages that are delivered by WAF
Lets you apply your corporate identity to all pages
After updating to UTM 9.6, the old content warn HTML template in HTTP Proxy will no longer function correctly. Please download the updated templates, customize them to your needs and re-upload to the UTM. For further details, please see KBA133167.
Features Release
ATP: New Advanced Threat Protection Library with better performance and protection
Certificates: Let's Encrypt Integration
RED: Unified RED Firmware with better 3G/4G Support
Sandstorm: Manual File Submission
Sandstorm: Persistent Reports
SMTP Proxy: Submission Port Support
SMTP Proxy: Configurable Listen Address
WAF: Error Page Customization
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade
NUTM-10128 [Access & Identity] MDW waits hours for lock on shared cache with AUA
NUTM-10130 [Access & Identity] Unable to connect RDP type bookmark with NLA
NUTM-7418 [Access & Identity] SAA - Rename Client Auth CA
NUTM-9368 [Access & Identity] SSL VPN: optional user auth not working
NUTM-9525 [Access & Identity] Disk filling up with argos error messages in endpoint.log
NUTM-9843 [Access & Identity] HTML5 VPN portal connections periodically stop working until service is restarted
NUTM-10080 [Basesystem] Update to latest Avira SAVAPI version
NUTM-10366 [Basesystem] Missing IP address in IPset of user network for STAS
NUTM-9783 [Basesystem] IPsec routing issue if gateway interface has additional addresses
NUTM-9810 [Basesystem] IPset Object takes 30 seconds to update after SSL VPN connection was established
NUTM-9860 [Basesystem] Selfmon trying to start DHCP even when not in use
NUTM-10226 [Email] Can't release POP3 messages due to URL in User Portal
NUTM-9681 [Email] cssd coredumps and root partition is filling up
NUTM-9716 [Email] S/MIME encryption - automatic certificate extraction causing high load / no webadmin access
NUTM-9733 [Email] Change default encryption algorithm to 'smime'
NUTM-9853 [Email] Fix policy traversal (for gpg, smime, unscanable)
NUTM-9882 [Email] Umlauts in mail addresses get corrupted if SPX encryption is used
NUTM-10181 [Network] Remove DNSdynamic from available dynamic DNS providers
NUTM-10307 [Network] ATP exception still working after deletion
NUTM-10337 [Network] High CPU load by AFCd when hotspot is enabled
NUTM-10414 [Network] Segfault in oculusd
NUTM-2791 [Network] Fix detection of sub applications in Application Control
NUTM-4767 [Network] SSH for single host skipping AFC check
NUTM-9462 [Network] Update to BIND 9.11 ESV
NUTM-10197 [RED] All REDs disconnect intermittently
NUTM-10227 [RED] Offline provisioning does not work
NUTM-10303 [RED] Unified FW: split networks does not work
NUTM-10384 [RED] Update hostapd for Unified-FW
NUTM-9026 [RED] TP-LINK MA260 dongle on RED doesn't work anymore after update to v9.5
NUTM-9795 [RED] RED50 issue with large packets in Transparent/Split mode
NUTM-10060 [Reporting] ATP alerts / events not deleted after three days
NUTM-10201 [Reporting] Unable to download S/MIME internal user certificate
NUTM-10352 [Sandstorm] Sandstorm Activity Report table and graph do not show same data
NUTM-10367 [Sandstorm] Sandstorm Activity Graph does not include email cached results
NUTM-2644 [UI Framework] Webadmin prefetching list box not displaying any users, if one user contains a single tick
NUTM-10066 [WAF] Existing certificate chain overrides after new certificate chain has been added
NUTM-10185 [WAF] Using printenv SSI directive in custom theme causes segfault
NUTM-10315 [WAF] Let's Encrypt can't be enabled after upgrade from 9.5 (/etc/ssl/certs not accessible)
NUTM-10316 [WAF] Let's Encrypt certificates allow wildcards in domain name list
NUTM-10332 [WAF] Let's Encrypt not working over IPv6
NUTM-9809 [WAF] Potential memory allocation failure for "Rewrite HTML" + location with special characters
NUTM-10188 [WebAdmin] [OTP] QR code not visible for the first user login
NUTM-10214 [WebAdmin] Breach Vulnerability in WebAdmin (CVE-2013-3587)
NUTM-6945 [WebAdmin] Popup too small for secret when deleting SHA512 OTP token
NUTM-7381 [WebAdmin] Login to UserPortal only works at second try when using RADIUS authentication
NUTM-9424 [WebAdmin] Webadmin session interrupted with pop-up "Backend connection failed"
NUTM-10200 [Web] Segfault in libc-2.11.3.so
NUTM-10284 [Web] HTTP Proxy crash with coredumps
NUTM-9676 [Web] HTTP Proxy out-of-memory segfault / HTTP Proxy stops working with "Avira engine not available"
NUTM-9854 [Web] Warning page bypass using crafted URLs
NUTM-9873 [Web] File blocked due to MIME type detection even if there is an exception
NUTM-9956 [Web] HTTP Proxy coredumps in geoip scanner
NUTM-10365 [Wireless] RED15w: SSID isn't broadcasted when "Enterprise Authentication" is in use
While the release is in soft-release phase, you can find the up2date package on our FTP server at:
If you are already running 9.6 Beta2, please use the following update packages:
Hello again, Sophos is already aware of the DSL PPPoE issue, because there is an rpm available. I do not understand why the problems with this firmware are not made public. AVOIDABLE Downtime. Not nice.
Be careful if you have HA and PPPoE Connections. Faced this issue today: community.sophos.com/.../problems-with-pppoe-interfaces-since-update-v9-6
Same issue here: no update available for 9.600 on virtual or physical UTM, very strange given that the update is listed here and on the FTP site
An update to my previous post: deleted the RED-15W AP, recreated it and it is working again (thanks IstvánSzallós).
CPU usage dropped to 15%, but it's rising again - just after 10 min. it's already on 45%!
After Upgrade SG210 to 9.600-5:
CPU usage was always below 5% - now is always above 90%!!!!
One RED-15 seems to be working well (it is at a remote site and I still can connect to the remote equipment that is connected to this RED);
A RED-15W is now a RED-15... it works as a RED-15 - the wireless part is inactive (on wireless protection I got a "RED15w is inactive");
BTW the sales pitch "Looking for a more scalable, next-gen wireless LAN solution?" on the wireless protection page takes space at the top of the screen - it is unpleasant.