DO NOT INSTALL 9.703-2!!!

DO NOT INSTALL 9.703-2!!!

My lab system was Up2Dated to 9.703-2 Thursday evening at 10PM CDT (UTC -0500) and all connection with the outside world immediately stopped.  My local connection would work normally a few minutes at a time and then everything would lock up for a few minutes.  I could not identify the problem with top, but did see a lot of zombie confd processes.  I lost the entire day of Friday because my wife has a big project due next week and was working via Microsoft Teams all day with her colleagues.

I will suggest to Sophos that the file be removed from the ftp site. Grumble.

Cheers - Bob

Parents Reply Children
  • Yes, that is eye-catching...

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

  • So wait, did Sophos release a new version of this update in the meantime?

    I installed the 9.703-2 update yesterday evening. Haven't had a single problem all day...about 15 people were logged in using SSL VPN, outgoing

    traffic was fine.

    Unsure what to do right now, maybe someone can shed some light?

    We're running UTM Software on a HPE ProLiant server, btw.

  • Hello Dominik,

    we have three sites where this update is running fine, too. I just let them untouched until Sophos has additional infos.

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

  • No, 9.703-2 was the complete number of the intitial release of that update-catastrophe.

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

  • Okay, then I guess I'll do the same and just wait it out...man, a few months ago this disaster with an update shredding RED site to site tunnels...now this SNAFU...somehow one gets the feeling there isn't alot of love left over at Sophos for their venerable UTM product...

    Schöne Grüße ebenfalls aus Deutschland :-)

  • they want to push the XG so UTM isnt the focus. i miss the good old ASG times when you can call a astaro developer directly when you find a bug  in fw, mostly 1 hour later you got a fix ;-)

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • zaphod said:

    they want to push the XG so UTM isnt the focus. i miss the good old ASG times when you can call a astaro developer directly when you find a bug  in fw, mostly 1 hour later you got a fix ;-)

     

     

    Same here.

    Sophos turns this thing more and more in an unreliable peace of software, that extremly sucks.

     

    And i dont wanna switch to XP, which is worse then UTM.

     

    So can i have Astaro back, please ?

     

    cheers from Germany

  • zaphod said:

    they want to push the XG so UTM isnt the focus.

    Well, current XG update 18 MR1 has identical problems:
    https://community.sophos.com/products/xg-firewall/b/blog/posts/xg-firewall-v18-mr1-is-now-available
    https://community.sophos.com/kb/en-us/135378

    Seems Sophos pushed in the wrong direction... [;)]

     

    Quality management at Sophos seems kind of up and down. 6 months OK, then six months bad, and so on...

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • One thing I really don't understand: why is there no easy way to revert to the state before the update? There should be a second copy of the (old) firmware which one can easily switch back to, if anything goes wrong. Even if I do kernel updates on linux systems I always have the possibilty to start with the kernel version I had before, instead of completely seting up the system from scratch and upload a config-backup I hopefully made before to another place outside of the system.

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner