This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.604 without problems?

Anybody has installed 9.604 already and being happy with it?

Best regards

Alex



This thread was automatically locked due to age.
Parents Reply Children
  • 2019-08-06 See my final version posted today.

    UPDATED 2019-08-01

    Hi All,

    I've had several messages back and forth with Sophos folks.  As Jan Weber says in a post, 9.605 fixes the problem with REDs and the only danger is updating the RED firmware when the RED is under a heavy load.  I have suggested that the following instructions be added to the information about the Up2Date (I in blue dot) and the blog post about the 9.605 Up2Date:

    In order to ensure that there's no problem with the update of firmware in RED devices, do the following with two planned outages:

     1. Outage 1 - Up2Date to 9.604:
         A. In WebAdmin, disable all RED Servers for RED appliances.
         B. Apply Up2Dates through 9.604.
         C. At the command line: cc set red use_unified_firmware 0
         D. In WebAdmin, enable all RED Servers for RED appliances.
     2. Outage 2 -
    Disconnect all LAN connections from all REDs, leaving the RED online but with no connection to local clients.
     3. Apply the 9.605 Up2Date.
     4. After the Up2Date is complete, reconnect disconnected LAN cables to the REDs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    I still have my UTM's on 9.602-3. Do you recommend upgrading at all and if so to 9.605? I don't have any RED appliances so that's not really an issue over here.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I would go to 9.605, Arno, because of the TCP SACK vulnerability.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA