
UTM Update 9.709 - no problems

Installed UTM Update 9.709 manually in five different locations now, all sizes of networks and systems.

Running several days now and no problems so far.

Link: https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-709-released



  • I've been running it a few days now.  The only thing I noticed was I had to add a friend's IP/domain to a skip list trying to get to his User Portal page.  It was fine before, and after this update, I had it as a Trusted site for Web Filtering.  For some reason now as well, I can't reach his VPN.  Working on it more when he goes back home (he is here for the weekend visiting the wife and me).  We're gonna try to set up a site-to-site VPN connection when he gets back.  He tried to get his wife to reboot his UTM, but she apparently didn't wanna do that, haha.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Yeah, and along with several posts in UTM, we've noticed Pattern updates don't appear to be working correctly (stuck for a month at the same pattern - 206808).

  • Thank you Amodin for putting another note on this thread,  I see the same issues on all appliances, 115, 135, 210 and virtual also.  Hopefully someone from Sophos will read this and respond.  Hello.....pattern updates are not updating, stuck on 206808 for weeks.

  • Hello Amodin/RDL,

    Thank you for the report, I would double-check internally about this and update the post once I have some information. 

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Thank you, it is doing the issue of not updating past pattern 206808, on home licenses, FULL licenses on 115, 135, 210 SG appliances with or without sandbox.  They're all doing it.  I tried restoring back to 9.708, and even 9.707 with the same results.

    What is a current pattern# just so we know we're not nuts?

    Here's a log with no errors off the 9.707 just so no one will ask for a log, everyone wants to see a log. haha

    2022:03:01-19:07:35 a50w audld[28877]: no HA system or cluster node
    2022:03:01-19:07:35 a50w audld[28877]: patch up2date possible
    2022:03:01-19:07:35 a50w audld[28877]: Starting Secured Up2Date Package Downloader
    2022:03:01-19:07:36 a50w audld[28877]: Secured Up2date Authentication
    2022:03:01-19:07:36 a50w audld[28877]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-19:26:20 a50w audld[9098]: no HA system or cluster node
    2022:03:01-19:26:21 a50w audld[9098]: patch up2date possible
    2022:03:01-19:26:21 a50w audld[9098]: Starting Secured Up2Date Package Downloader
    2022:03:01-19:26:21 a50w audld[9098]: Secured Up2date Authentication
    2022:03:01-19:26:21 a50w audld[9098]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:10:19 a50w audld[13638]: no HA system or cluster node
    2022:03:01-20:10:19 a50w audld[13638]: patch up2date possible
    2022:03:01-20:10:19 a50w audld[13638]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:10:20 a50w audld[13638]: Secured Up2date Authentication
    2022:03:01-20:10:20 a50w audld[13638]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:10:24 a50w audld[13638]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="sys"
    2022:03:01-20:10:49 a50w audld[13727]: no HA system or cluster node
    2022:03:01-20:10:50 a50w audld[13727]: patch up2date possible
    2022:03:01-20:10:50 a50w audld[13727]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:10:51 a50w audld[13727]: Secured Up2date Authentication
    2022:03:01-20:10:51 a50w audld[13727]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:12:01 a50w audld[13935]: no HA system or cluster node
    2022:03:01-20:12:02 a50w audld[13935]: patch up2date possible
    2022:03:01-20:12:02 a50w audld[13935]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:12:02 a50w audld[13935]: Secured Up2date Authentication
    2022:03:01-20:12:03 a50w audld[13935]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:14:46 a50w audld[14586]: no HA system or cluster node
    2022:03:01-20:14:47 a50w audld[14586]: patch up2date possible
    2022:03:01-20:14:47 a50w audld[14586]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:14:47 a50w audld[14586]: Secured Up2date Authentication
    2022:03:01-20:14:47 a50w audld[14586]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:15:18 a50w audld[14735]: no HA system or cluster node
    2022:03:01-20:15:18 a50w audld[14735]: patch up2date possible
    2022:03:01-20:15:18 a50w audld[14735]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:15:19 a50w audld[14735]: Secured Up2date Authentication
    2022:03:01-20:15:19 a50w audld[14735]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:17:01 a50w audld[15043]: no HA system or cluster node
    2022:03:01-20:17:02 a50w audld[15043]: patch up2date possible
    2022:03:01-20:17:02 a50w audld[15043]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:17:03 a50w audld[15043]: Secured Up2date Authentication
    2022:03:01-20:17:03 a50w audld[15043]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
  • A good summary here.......----->>>>

    Also ... here is more info. Usually the appliances that have email filtering have DNS set to nothing, which goes to the root servers, so the DNSBLs will WORK properly.  I just for fun tried 8888 and 1111, cleared the DNS cache twice as per findings years ago, and rebooted the appliances.

    Just so no one gets dizzy from reading all these posts, the nonupdating of the patterns beyond 206808 happens on 3 Year Full Guard licenses on SG 125, 135, and 210 appliances, as well as home licenses.

    Turning off IPS and country blocking and port scanning and the other 3 ips settings doesn't fix it either. 

    There are no dns errors in the update logs, the logs say there is NO UPDATE, thus why I asked what is the current version of pattern update?

    The non update of the pattern happens on different ISPs, AT&T fiber, AT&T 100mbit fiber, Cox cable modem, and COLO bgp circuits.

    The non update of the pattern happens on 9.707, 708, and 709. I have one test image of 9.707; I restored it on vmware back to November 21, 2021 and it doesn't update past the 206808 pattern.

    I tried turning off all threat blocking things, country blocking, ddos, ATP, IPS etc.

    I allowlisted/excluded as many of the up2date IPs and FQDNs as I could find, rebooted after flushing DNS again, still no update.

    Ideas anyone, I guess I can restore back to a yet earlier version.  I'll try that later.

  • Some things are getting updated, I looked after someone else said they said things in middleware I guess are updating.

    geoip and aptp DO GET UPDATED in the below log but the pattern # still shows 206808 THIS NEEDS TO BE SHOWN to the brains in DEVOPS or wherever?

    2022:03:01-01:48:01 tul174 audld[23097]: no HA system or cluster node
    2022:03:01-01:48:01 tul174 audld[23097]: patch up2date possible
    2022:03:01-01:48:01 tul174 audld[23097]: Starting Secured Up2Date Package Downloader
    2022:03:01-01:48:02 tul174 audld[23097]: Secured Up2date Authentication
    2022:03:01-01:48:02 tul174 audld[23097]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-01:48:03 tul174 audld[23097]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="geoipxtipv6"
    2022:03:01-01:48:04 tul174 audld[23097]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="geoip"
    2022:03:01-01:48:07 tul174 audld[23097]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="aptp"
    2022:03:01-01:48:08 tul174 auisys[23142]: no HA system or cluster node
    2022:03:01-01:48:08 tul174 auisys[23142]: waiting for db_verify to return (30 seconds max)
    2022:03:01-01:48:09 tul174 auisys[23142]: not cleaning /var/up2date/sys-install in --nosys mode
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/appctrl43-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/aptp-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/avira4-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/aws-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/cadata-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/geoip-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/geoipxtipv6-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/ipsbundle2-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/man9-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/ohelp9-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/sasi-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/savi-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: Starting Up2Date Package Installer
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <man9> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <aws> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <avira4> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <appctrl43> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <ohelp9> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <cadata> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <ipsbundle2> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <sasi> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <savi> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: Install u2d packages <geoipxtipv6>
    2022:03:01-01:48:09 tul174 auisys[23142]: Starting installing up2date packages for type 'geoipxtipv6'
    2022:03:01-01:48:09 tul174 auisys[23142]: Installing up2date package: /var/up2date/geoipxtipv6/u2d-geoipxtipv6-9.204-205.patch.tgz.gpg
    2022:03:01-01:48:09 tul174 auisys[23142]: Verifying up2date package signature
    2022:03:01-01:48:09 tul174 auisys[23142]: Unpacking installation instructions
    2022:03:01-01:48:09 tul174 auisys[23142]: parsing installation instructions
    2022:03:01-01:48:09 tul174 auisys[23142]: This is a patch. Setting required_version to 9.204
    2022:03:01-01:48:09 tul174 auisys[23142]: Unpacking up2date package container
    2022:03:01-01:48:09 tul174 auisys[23142]: Running pre-installation checks
    2022:03:01-01:48:10 tul174 auisys[23142]: Starting up2date package installation
    2022:03:01-01:48:22 tul174 auisys[23142]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.205" package="geoipxtipv6"
    2022:03:01-01:48:22 tul174 auisys[23142]: [INFO-306] New Pattern Up2Dates installed
    2022:03:01-01:48:22 tul174 auisys[23142]: Install u2d packages <aptp>
    2022:03:01-01:48:22 tul174 auisys[23142]: Starting installing up2date packages for type 'aptp'
    2022:03:01-01:48:22 tul174 auisys[23142]: Installing up2date package: /var/up2date/aptp/u2d-aptp-9.50223.tgz.gpg
    2022:03:01-01:48:22 tul174 auisys[23142]: Verifying up2date package signature
    2022:03:01-01:48:23 tul174 auisys[23142]: Unpacking installation instructions
    2022:03:01-01:48:23 tul174 auisys[23142]: parsing installation instructions
    2022:03:01-01:48:23 tul174 auisys[23142]: Unpacking up2date package container
    2022:03:01-01:48:23 tul174 auisys[23142]: Running pre-installation checks
    2022:03:01-01:48:23 tul174 auisys[23142]: Starting up2date package installation
    2022:03:01-01:48:38 tul174 auisys[23142]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.50223" package="aptp"
    2022:03:01-01:48:38 tul174 auisys[23142]: [INFO-306] New Pattern Up2Dates installed
    2022:03:01-01:48:38 tul174 auisys[23142]: Install u2d packages <geoip>
    2022:03:01-01:48:38 tul174 auisys[23142]: Starting installing up2date packages for type 'geoip'
    2022:03:01-01:48:38 tul174 auisys[23142]: Installing up2date package: /var/up2date/geoip/u2d-geoip-7.214.tgz.gpg
    2022:03:01-01:48:38 tul174 auisys[23142]: Verifying up2date package signature
    2022:03:01-01:48:38 tul174 auisys[23142]: Unpacking installation instructions
    2022:03:01-01:48:38 tul174 auisys[23142]: parsing installation instructions
    2022:03:01-01:48:38 tul174 auisys[23142]: Unpacking up2date package container
    2022:03:01-01:48:38 tul174 auisys[23142]: Running pre-installation checks
    2022:03:01-01:48:38 tul174 auisys[23142]: Starting up2date package installation
    2022:03:01-01:48:49 tul174 auisys[23142]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="7.214" package="geoip"
    2022:03:01-01:48:49 tul174 auisys[23142]: [INFO-306] New Pattern Up2Dates installed
    2022:03:01-01:48:50 tul174 auisys[23142]: Up2Date Package Installer finished, exiting
    2022:03:01-01:48:50 tul174 auisys[23142]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2022:03:01-02:48:02 tul174 audld[27272]: no HA system or cluster node
    2022:03:01-02:48:02 tul174 audld[27272]: patch up2date possible
    2022:03:01-02:48:02 tul174 audld[27272]: Starting Secured Up2Date Package Downloader
    2022:03:01-02:48:03 tul174 audld[27272]: Secured Up2date Authentication
    2022:03:01-02:48:03 tul174 audld[27272]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
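
An added example, not part of any post in this thread: a small Python parser for the up2date log format quoted above that reports, per package type, whether it was downloaded, installed (and at which version) or skipped with "No suitable packages", which is the distinction the posts above draw by eye. The sample lines are constructed (host `fw01` and the PIDs are placeholders), and `summarize` and `never_installed` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread; fw01 and the PIDs are placeholders.
SAMPLE_LOG = """\
2022:03:01-01:48:02 fw01 audld[100]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:03:01-01:48:03 fw01 audld[100]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="geoip"
2022:03:01-01:48:09 fw01 auisys[200]: No suitable packages of type <savi> found, skipping
2022:03:01-01:48:09 fw01 auisys[200]: No suitable packages of type <ipsbundle2> found, skipping
2022:03:01-01:48:49 fw01 auisys[200]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="7.214" package="geoip"
2022:03:01-02:48:03 fw01 audld[300]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
"""

# timestamp, host, process[pid]: message
LINE = re.compile(r'^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) (\w+)\[(\d+)\]: (.*)$')
KV = re.compile(r'(\w+)="([^"]*)"')
SKIP = re.compile(r'No suitable packages of type <(\w+)> found, skipping')

def summarize(log_text):
    """Return (successful_auth_count, {package: {event: details}}) for one log."""
    packages = defaultdict(dict)
    auth_ok = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())   # tolerate the indentation of pasted logs
        if m is None:
            continue
        ts, msg = m.group(1), m.group(5)
        skipped = SKIP.search(msg)
        if skipped:
            packages[skipped.group(1)]["skipped"] = ts
            continue
        kv = dict(KV.findall(msg))
        if kv.get("name") == "Authentication successful":
            auth_ok += 1
        elif kv.get("status") != "success" or "package" not in kv:
            continue
        elif kv.get("action") == "download":
            packages[kv["package"]]["downloaded"] = ts
        elif kv.get("action") == "install":
            packages[kv["package"]]["installed"] = (ts, kv.get("package_version"))
    return auth_ok, dict(packages)

def never_installed(packages):
    """Package types that appear in the log but have no successful install."""
    return sorted(p for p, events in packages.items() if "installed" not in events)
```

Running it over several days of logs and comparing the `installed` versions per package shows which filesets are actually moving, independently of the single pattern number shown in the UI.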
    
  • Hello,

    Thank you for the additional info,  this seems to be a cosmetic issue rather than the up2date pattern not working, but tomorrow or Friday I should have a better update for the thread.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support