DO NOT INSTALL 9.703-2!!!
My lab system was Up2Dated to 9.703-2 Thursday evening at 10PM CDT (UTC -0500) and all connection with the outside world immediately stopped. My local connection would work normally a few minutes at a time and then everything would lock up for a few minutes. I could not identify the problem with top, but did see a lot of zombie confd processes. I lost the entire day of Friday because my wife has a big project due next week and was working via Microsoft Teams all day with her colleagues.
I will suggest to Sophos that the file be removed from the ftp site. Grumble.
Cheers - Bob
Looks like its been pulled from the SG230 and Sg310's, one of my SG210s did keep t his installed so might have missed the pull window....seems to be OK though.
Sophos has pulled this update, due to critical issues, do not install for now:
and the moral of the story?
Do not install any update until someone else has a critical issue, then Sophos will investigate further, pull the update and get the patch properly programmed, then release it again.
and to be really cynical, really fix the problem six months later!
XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!
What about the brave/unlucky/dumb people who have been installing that 9.703 update manually? Do they receive that particular pattern update as well?
Mit freundlichem Gruß, Regards from Germany,
New Vision GmbH, GermanySophos Silver-Partner
If a post solves your question please use the 'Verify Answer' button.
Reformat with 9.702 iso and restore backup file :-/
OK - lesson learned.
It seams Sophos Ltd hires to much M$ Developers
twister5800 wrote the following post at 17 Apr 2020 9:18 AM:
Wish we could do that...
May I call your attention to this suggestion made over 2 years ago? Implementation of this feature would have saved our butts with Sophos' current screwup!
We've been running an SG 230 Rev. 1 for a number of years and were quite happy with it - until we purchased a second SG 230 and stumbled across the a. m. issue Thorsten had discovered. This rendered our new Rev. 2 machine totally useless. We couldn't use it for HA or as a backup machine. The "Premium" support we contracted was no help at all ([#8609926] Backup email addresses of users registered for SPX -- Priority: Medium -- Level: Premium 25. Februar 2019, 13:34 Uhr):
as stated in the previous emails, the functionality you requested is not and will not be provided by Sophos UTM for the foreseeable future.
Until that day we had believed that "Create Backup" meant saving everything needed for a COMPLETE restore - but obviously "unique site data (license, passwords, certifcates/keys)" does not entail the SPX email accounts and PWDs.
We have roughly 1.500 SPX accounts which need to be transfered from our shot Rev. 1 system with 9.703-2 to our up-and-running Rev. 2 machine with 9.702-1.
Any suggestions? (How) Can we transfer the SPX database files from one appliance to the other? Can we revert to 9.702-1 without losing said SPX data?
Thanks & best regards,Wilfried
Hallo Wilfried and welcome to the UTM Community!
I can't believe that no one at Sophos knows where those keys are stored. Have you tried opening a case with Sophos Support?
that has been our experience. Our sorry experience has cost us € 1.700 so far.
Here's the timeline:
2019-12-18 we order our second SG230 2020-01-08 we run into the SPX PWD problem and contact our supplier2020-01-19 they cannot help & refer us to Sophos directly2020-01-25 we order 1 yr. Sophos "Premium Support", the above mentioned ticket is started2020-02-14 they tell us that "currently SPX registered recipients cannot be saved or included in the backup" (I call that a bug, not a feature request)2020-02-25 the ticket is basically closed by Sophos Premium Support with the following statement & suggesting more paid help by their Professional Service Team:
I can neither confirm nor negate whether a partial port of the corresponding database table is possible (and whether support for any problems resulting from this is still guaranteed).
Our management was not inclined to "chase good money after bad", so we left it at that. Case closed.
Until Sophos nuked us all with 9.703-2 ... So, is there anybody out there who can help?
maybe (but really maybe) a short look in the REST API can help to get your SPX recipients back.. but only if you have a machine with the old database running and useful to get REST calls running on it. as far as i read if you run into this bad firmware bug the machine becomes usesless after short uptime :-(
hope others has suggestions to help you fix this out.
Home: Zotac CI321 (8GB RAM / 120GB SSD) with latest Sophos UTMWork: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...
The database file with the spx data should be: /var/storage/chroot-smtp/spx/auth/spx-auth-v2.ks