Hi Everyone,

Today we've started to release UTM 9.700. The release will be rolled out in phases.

  • In phase 1 you can download the update package from the download area.
  • In phase 2 we will make it available via our Up2Date servers in several stages.
  • In phase 3 we will make it available via our Up2Date servers to all remaining installations.

What's new in UTM 9.7?

  • Support for new APX Access Points
    In addition to the legacy AP series access points, UTM 9.7 brings support for the newer Wave 2 APX series access points which can now also be added and managed with UTM 9. This includes support for APX 120, APX 320, APX 530 and APX 740.
  • Certificate Chain support for WebAdmin and UserPortal
    Full certificate chains that are uploaded to UTM for use with WebAdmin and/or UserPortal will no longer be split but will be delivered in full when accessing WebAdmin and/or UserPortal and web browsers will no longer display warnings for these certificates.

  • Certificate Chain Support for WebProxy
    When using an intermediate certificate to sign HTTPS decryption certificates in WebProxy, WebProxy will now build and return a full certificate chain for the generated certificate to avoid browsers showing a warning when not explicitly trusting the intermediate certificate. The root certificate has to be available within the verification CAs.

  • New RED Site 2 Site Protocol
    RED Site 2 Site connections in UTM will now use the same protocol used within XG Firewall for RED Site 2 Site connections. This removes the need to specify legacy RED site 2 site connections in XG Firewall and provides enhancements to the RED site 2 site implementation in UTM.

  • Retirement of UTM Endpoint Management
    As announced with UTM 9.6, UTM endpoint management will be end of life by the end of this year. UTM 9.7 will no longer include the option for Endpoint Management for the UTM Managed Endpoints, Sophos SEC integration is still part of UTM 9.7.

 

Up2Date Information

9.6 MR5 (9.605-1) to 9.7 GA (9.700-5)

News

  • Features Release
  • .
  • Support for new APX AccessPoints
  • Certificate Chain support for WebAdmin and UserPortal
  • Certificate Chain Support for WebProxy
  • New RED Site 2 Site Protocol
  • Retirement of UTM Endpoint Management

Remarks

  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Bugfixes

  • NUTM-10804 [Access & Identity] strongSwan vulnerability fix (CVE-2010-2628, CVE-2018-17540)
  • NUTM-10485 [Email] POP3 E-Mail blocked message won't be displayed properly in some MS Outlook versions
  • NUTM-10745 [Email] Quarantine mail older than 14 days are not getting removed
  • NUTM-10958 [Email] Quarantined SPX Mails which are released are still available on UTM
  • NUTM-10192 [RED] Patch OpenSSL (CVE-2018-0732)
  • NUTM-11141 [Sandstorm] Add support for Sandstorm's Frankfurt data centre
  • NUTM-10454 [WAF] SAVI integration doesn't support scanning files larger than 2GB
  • NUTM-10873 [WAF] Underscore in DNS-Hostname makes WAF unusable
  • NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails
  • NUTM-11202 [Web] Conform to Apple's new certificate requirements introduced in iOS13 and macOS10.15

9.7 EAP1 (9.670-4) to 9.7 GA (9.700-4)

News

  • Features Release
  • .
  • Support for new APX AccessPoints
  • Certificate Chain support for WebAdmin and UserPortal
  • Certificate Chain Support for WebProxy
  • New RED Site 2 Site Protocol
  • Retirement of UTM Endpoint Management

Remarks

  • System will be rebooted
  • Configuration will be upgraded

Bugfixes

  • NUTM-10485 [Email] POP3 E-Mail blocked message won't be displayed properly in some MS Outlook versions
  • NUTM-11141 [Sandstorm] Add support for Sandstorm's Frankfurt data centre
  • NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails
  • NUTM-11202 [Web] Conform to Apple's new certificate requirements introduced in iOS13 and macOS10.15

9.7 GA (9.700-4) to 9.7 GA (9.700-5)

News

  • GA Release

Remarks

  • System will be rebooted

Bugfixes

  • NUTM-11273 [RED] RED Site-2-Site inoperable after update from 9.6 to 9.7

Download

While the release is in soft-release phase, you can find the Up2Date package at:

If you are running 9.7 EAP1 (9.670-4), please use the following packages:

If you are already running 9.7 GA (9.700-4), please use the following packages:

Known Issues

In the versions 9.670-4 and 9.700-4, an issue has been discovered where after the update RED Site-to-Site tunnels may not work. This issue does not affect deployments using hardware RED devices. Fixed Up2Date packages have been released in the meanwhile. Please also see the related KB article.

Parents
  • Any plans to update Let's Encrypt to use ACME v2? As it stands, the Let's Encrypt integration is useless for people who have not already registered prior to the ACMEv1 cutoff because they won't be able to register. May as well disable the checkbox if not already registered.

    fw letsencrypt[18122]: E Create account: REG_FAILED:   "detail": "Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See community.letsencrypt.org/.../88430 for details.",

Comment
  • Any plans to update Let's Encrypt to use ACME v2? As it stands, the Let's Encrypt integration is useless for people who have not already registered prior to the ACMEv1 cutoff because they won't be able to register. May as well disable the checkbox if not already registered.

    fw letsencrypt[18122]: E Create account: REG_FAILED:   "detail": "Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See community.letsencrypt.org/.../88430 for details.",

Children
No Data