Anybody has installed 9.604 already and being happy with it?
we have 2 Firewalls in HA. May I update both direct from Web Intrface? We have 6 RED 50 too outside.
May be Problems with the updates?
Hallo Peter and welcome to the UTM Community!
UPDATE 2019-07-31: See my latest post below.
First, read the threads above. I'm getting ready to handle a similar situation with a client. Here's a copy of the plan I proposed:
The only disruption would be to an upload or download or VoIP call active at the moment the current Slave becomes the Master node.
Cheers - Bob
9.605 has fixes apparently but according to the post in the below link its all a bit convoluted , "disable the network behind the red before updating:......"
Re: 9.605 Up2Date
Does this Up2Date leave use_unified_firmware at 0? Does it address the issue that was bricking some REDs? Until there's more clarity, I don't recommend this to anyone.
How does a bricked RED50 look like?
2019-08-06 See my final version posted today.
I've had several messages back and forth with Sophos folks. As Jan Weber says in a post, 9.605 fixes the problem with REDs and the only danger is updating the RED firmware when the RED is under a heavy load. I have suggested that the following instructions be added to the information about the Up2Date (I in blue dot) and the blog post about the 9.605 Up2Date:
In order to ensure that there's no problem with the update of firmware in RED devices, do the following with two planned outages:
1. Outage 1 - Up2Date to 9.604: A. In WebAdmin, disable all RED Servers for RED appliances. B. Apply Up2Dates through 9.604. C. At the command line: cc set red use_unified_firmware 0 D. In WebAdmin, enable all RED Servers for RED appliances. 2. Outage 2 - Disconnect all LAN connections from all REDs, leaving the RED online but with no connection to local clients. 3. Apply the 9.605 Up2Date. 4. After the Up2Date is complete, reconnect disconnected LAN cables to the REDs.
I still have my UTM's on 9.602-3. Do you recommend upgrading at all and if so to 9.605? I don't have any RED appliances so that's not really an issue over here.
Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
I would go to 9.605, Arno, because of the TCP SACK vulnerability.