UTM Up2Date 9.707 Released - Release Notes & News - UTM Firewall - Sophos Community

Release Notes & News UTM Up2Date 9.707 Released

UTM Firewall requires membership for participation - click to join

30 Jun 2021

We've just released UTM 9.707. As usual, the release will be rolled out in phases:

In phase 1 you can download the update package from our download server.
During phase 2 we will make it available via our Up2Date servers in several stages.
In phase 3 we will make it available via our Up2Date servers to all remaining installations.

Up2date information

News

Maintenance release
Security release

Remarks

System will be rebooted
Configuration will be upgraded

Issues resolved

NUTM-12550 [Access & Identity] Replace deprecated option in SSLVPN client config
NUTM-12310 [Email] SPF checks incorrectly occurring when multiple upstream hosts are configured in an availability group
NUTM-12672 [Logging] IPFIX does not switch source and destination ports between inbound and outbound side of flow
NUTM-12749 [Basesystem] Update bzip2 to address CVE-2019-12900
NUTM-12590 [Basesystem] Patch OpenSSL against CVE-2021-23840 & CVE-2021-23841

Parents

Magy over 2 years ago

NUTM-12672 [Logging] IPFIX does not switch source and destination ports between inbound and outbound side of flow

Can u explain this please
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Comment

Magy over 2 years ago

NUTM-12672 [Logging] IPFIX does not switch source and destination ports between inbound and outbound side of flow

Can u explain this please
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Children

RichBaldry over 2 years ago in reply to Magy
IPFIX is a way of outputting log information about network flows seen by the UTM. TCP connections are two-way flows - a client-server flow and a server-client flow. IPFIX data shows the two halves of the flow separately.

Each half of the flow is identified by source IP address & port, and destination IP address & port.

For a connection from client 192.168.7.5 port 54345 to server 10.10.10.10 port 443, the two half-flows should be labelled as follows:
- Client to server
  
  Source IP:port - 192.168.7.5:54345
  
  Destination IP:port - 10.10.10.10:443
- Server to client
  
  Source IP:port - 10.10.10.10:443
  
  Destination IP:port - 192.168.7.5:54345
In this issue, it was noticed that sometimes the IPFIX data showed the ports on the server-client flow were the wrong way round, so you would get:
- Client to server
  
  Source IP:port - 192.168.7.5:54345
  
  Destination IP:port - 10.10.10.10:443
- Server to client
  
  10.10.10.10:54345
  
  192.168.7.5:443
After installing 9.707, this issue should no longer be observed in IPFIX output.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel