We've just released UTM version 9.7 MR15 (9.715). As usual, the release will be rolled out in phases:

Details of this release, along with previous releases, can be found on our official release notes page.

Other news

  • Maintenance Release
  • Security Release


  • System will be rebooted
  • Configuration will be upgraded

Added Features

To help customers planning to migrate from SG UTM across to our next-generation XGS platform, we have made it easier to access the RED unlock code. This code is required when changing a RED device so that it managed by and connected through a different UTM or Firewall.

In 9.7 MR15, when you delete a RED device from the UTM WebAdmin console, WebAdmin will display the unlock code in a pop-up message confirming the delete action. It will also send an email notification containing the unlock code to the email addresses listed as “Notification Recipients” under Management > Notifications > Global.

Issues Resolved

  • NUTM-14054, NUTM-14049 [AWS] PAYG license expires if you turn on IMDSv2
  • NUTM-14015 [AWS] Unable to startup AWS HVM instance after reboot
  • NUTM-13908 [Basesystem] IPsec doesn't reconnect on DHCP interface after firmware upgrade
  • NUTM-13906 [Basesystem] Address DHCP vulnerabilities: CVE-2022-2928, CVE-2022-2929
  • NUTM-13770 [Basesystem] Turn off the autocomplete attribute in the password field for RESTful API authentication
  • NUTM-13490 [Basesystem] Address vulnerabilities in Zlib: CVE-2018-25032, CVE-2022-37434
  • NUTM-13489 [Basesystem] Address bind vulnerabilities
  • NUTM-13488 [Basesystem] Address vulnerability in GNU tar: CVE-2021-20193
  • NUTM-12593 [Basesystem] Add backend configuration for IPS SMTP Memcap
  • NUTM-14016 [RED] All RED connections drop and reconnect after RED server core dump
  • NUTM-13656 [Sandstorm] Excessive Sandbox database error messages in system.log
  • NUTM-13898 [Wireless] Address local WiFi driver vulnerabilities: CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722