
UTM Update 9.709 - no problems

Installed UTM Update 9.709 manually in five different locations now, all sizes of networks and systems.

Running several days now and no problems so far.

Link: https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-709-released



  • Yeah, and along with several posts in UTM, we've noticed Pattern updates don't appear to be working correctly (stuck for a month at the same pattern - 206808).

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Thank you, it is doing the issue of not updating past pattern 206808, on home licenses, FULL licenses on 115, 135, 210 SG appliances with or without sandbox. They're all doing it. I tried restoring back to 9.708, and even 9.707 with the same results.

    What is a current pattern# just so we know we're not nuts?

    Here's a log with no errors off the 9.707 just so no one will ask for a log, everyone wants to see a log. haha

    2022:03:01-19:07:35 a50w audld[28877]: no HA system or cluster node
    2022:03:01-19:07:35 a50w audld[28877]: patch up2date possible
    2022:03:01-19:07:35 a50w audld[28877]: Starting Secured Up2Date Package Downloader
    2022:03:01-19:07:36 a50w audld[28877]: Secured Up2date Authentication
    2022:03:01-19:07:36 a50w audld[28877]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-19:26:20 a50w audld[9098]: no HA system or cluster node
    2022:03:01-19:26:21 a50w audld[9098]: patch up2date possible
    2022:03:01-19:26:21 a50w audld[9098]: Starting Secured Up2Date Package Downloader
    2022:03:01-19:26:21 a50w audld[9098]: Secured Up2date Authentication
    2022:03:01-19:26:21 a50w audld[9098]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:10:19 a50w audld[13638]: no HA system or cluster node
    2022:03:01-20:10:19 a50w audld[13638]: patch up2date possible
    2022:03:01-20:10:19 a50w audld[13638]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:10:20 a50w audld[13638]: Secured Up2date Authentication
    2022:03:01-20:10:20 a50w audld[13638]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:10:24 a50w audld[13638]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="sys"
    2022:03:01-20:10:49 a50w audld[13727]: no HA system or cluster node
    2022:03:01-20:10:50 a50w audld[13727]: patch up2date possible
    2022:03:01-20:10:50 a50w audld[13727]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:10:51 a50w audld[13727]: Secured Up2date Authentication
    2022:03:01-20:10:51 a50w audld[13727]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:12:01 a50w audld[13935]: no HA system or cluster node
    2022:03:01-20:12:02 a50w audld[13935]: patch up2date possible
    2022:03:01-20:12:02 a50w audld[13935]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:12:02 a50w audld[13935]: Secured Up2date Authentication
    2022:03:01-20:12:03 a50w audld[13935]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:14:46 a50w audld[14586]: no HA system or cluster node
    2022:03:01-20:14:47 a50w audld[14586]: patch up2date possible
    2022:03:01-20:14:47 a50w audld[14586]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:14:47 a50w audld[14586]: Secured Up2date Authentication
    2022:03:01-20:14:47 a50w audld[14586]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:15:18 a50w audld[14735]: no HA system or cluster node
    2022:03:01-20:15:18 a50w audld[14735]: patch up2date possible
    2022:03:01-20:15:18 a50w audld[14735]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:15:19 a50w audld[14735]: Secured Up2date Authentication
    2022:03:01-20:15:19 a50w audld[14735]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-20:17:01 a50w audld[15043]: no HA system or cluster node
    2022:03:01-20:17:02 a50w audld[15043]: patch up2date possible
    2022:03:01-20:17:02 a50w audld[15043]: Starting Secured Up2Date Package Downloader
    2022:03:01-20:17:03 a50w audld[15043]: Secured Up2date Authentication
    2022:03:01-20:17:03 a50w audld[15043]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
  • A good summary here.......----->>>>

    Also ... here is more info. Usually the appliances that have email filtering have DNS set to nothing, which goes to the root servers, so the DNSBLs will WORK properly. I just for fun tried 8888 and 1111, cleared DNS cache twice as per findings years ago, and rebooted the appliances.

    Just so no one gets dizzy from reading all these posts, the non-updating of the patterns beyond 206808 happens on 3 Year Full Guard licenses on SG 125, 135, and 210 appliances, as well as home licenses.

    Turning off IPS and country blocking and port scanning and the other 3 IPS settings doesn't fix it either.

    There are no DNS errors in the update logs, the logs say there is NO UPDATE, thus why I asked what is the current version of pattern update?

    The non-update of the pattern happens on different ISPs, AT&T fiber, AT&T 100mbit fiber, Cox cable modem, and COLO BGP circuits.

    The non-update of the pattern happens on 9.707, 708, and 709. I have one test image of 9.707, I restored it on VMware back to November 21, 2021 and it doesn't update past the 206808 pattern.

    I tried turning off all threat blocking things, country blocking, DDoS, ATP, IPS etc.

    I allowlisted/excluded as many of the up2date IPs and FQDNs as I could find, rebooted after flushing DNS again, still no update.

    Ideas anyone? I guess I can restore back to a yet earlier version. I'll try that later.

  • Some things are getting updated, I looked after someone else said they said things in middleware I guess are updating.

    geoip and aptp DO GET UPDATED in the below log, but the pattern # still shows 206808. THIS NEEDS TO BE SHOWN to the brains in DEVOPS or wherever?

    2022:03:01-01:48:01 tul174 audld[23097]: no HA system or cluster node
    2022:03:01-01:48:01 tul174 audld[23097]: patch up2date possible
    2022:03:01-01:48:01 tul174 audld[23097]: Starting Secured Up2Date Package Downloader
    2022:03:01-01:48:02 tul174 audld[23097]: Secured Up2date Authentication
    2022:03:01-01:48:02 tul174 audld[23097]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:03:01-01:48:03 tul174 audld[23097]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="geoipxtipv6"
    2022:03:01-01:48:04 tul174 audld[23097]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="geoip"
    2022:03:01-01:48:07 tul174 audld[23097]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="aptp"
    2022:03:01-01:48:08 tul174 auisys[23142]: no HA system or cluster node
    2022:03:01-01:48:08 tul174 auisys[23142]: waiting for db_verify to return (30 seconds max)
    2022:03:01-01:48:09 tul174 auisys[23142]: not cleaning /var/up2date/sys-install in --nosys mode
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/appctrl43-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/aptp-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/avira4-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/aws-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/cadata-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/geoip-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/geoipxtipv6-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/ipsbundle2-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/man9-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/ohelp9-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/sasi-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: removing '/var/up2date/savi-install'
    2022:03:01-01:48:09 tul174 auisys[23142]: Starting Up2Date Package Installer
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <man9> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <aws> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <avira4> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <appctrl43> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <ohelp9> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <cadata> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <ipsbundle2> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <sasi> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: No suitable packages of type <savi> found, skipping
    2022:03:01-01:48:09 tul174 auisys[23142]: Install u2d packages <geoipxtipv6>
    2022:03:01-01:48:09 tul174 auisys[23142]: Starting installing up2date packages for type 'geoipxtipv6'
    2022:03:01-01:48:09 tul174 auisys[23142]: Installing up2date package: /var/up2date/geoipxtipv6/u2d-geoipxtipv6-9.204-205.patch.tgz.gpg
    2022:03:01-01:48:09 tul174 auisys[23142]: Verifying up2date package signature
    2022:03:01-01:48:09 tul174 auisys[23142]: Unpacking installation instructions
    2022:03:01-01:48:09 tul174 auisys[23142]: parsing installation instructions
    2022:03:01-01:48:09 tul174 auisys[23142]: This is a patch. Setting required_version to 9.204
    2022:03:01-01:48:09 tul174 auisys[23142]: Unpacking up2date package container
    2022:03:01-01:48:09 tul174 auisys[23142]: Running pre-installation checks
    2022:03:01-01:48:10 tul174 auisys[23142]: Starting up2date package installation
    2022:03:01-01:48:22 tul174 auisys[23142]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.205" package="geoipxtipv6"
    2022:03:01-01:48:22 tul174 auisys[23142]: [INFO-306] New Pattern Up2Dates installed
    2022:03:01-01:48:22 tul174 auisys[23142]: Install u2d packages <aptp>
    2022:03:01-01:48:22 tul174 auisys[23142]: Starting installing up2date packages for type 'aptp'
    2022:03:01-01:48:22 tul174 auisys[23142]: Installing up2date package: /var/up2date/aptp/u2d-aptp-9.50223.tgz.gpg
    2022:03:01-01:48:22 tul174 auisys[23142]: Verifying up2date package signature
    2022:03:01-01:48:23 tul174 auisys[23142]: Unpacking installation instructions
    2022:03:01-01:48:23 tul174 auisys[23142]: parsing installation instructions
    2022:03:01-01:48:23 tul174 auisys[23142]: Unpacking up2date package container
    2022:03:01-01:48:23 tul174 auisys[23142]: Running pre-installation checks
    2022:03:01-01:48:23 tul174 auisys[23142]: Starting up2date package installation
    2022:03:01-01:48:38 tul174 auisys[23142]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.50223" package="aptp"
    2022:03:01-01:48:38 tul174 auisys[23142]: [INFO-306] New Pattern Up2Dates installed
    2022:03:01-01:48:38 tul174 auisys[23142]: Install u2d packages <geoip>
    2022:03:01-01:48:38 tul174 auisys[23142]: Starting installing up2date packages for type 'geoip'
    2022:03:01-01:48:38 tul174 auisys[23142]: Installing up2date package: /var/up2date/geoip/u2d-geoip-7.214.tgz.gpg
    2022:03:01-01:48:38 tul174 auisys[23142]: Verifying up2date package signature
    2022:03:01-01:48:38 tul174 auisys[23142]: Unpacking installation instructions
    2022:03:01-01:48:38 tul174 auisys[23142]: parsing installation instructions
    2022:03:01-01:48:38 tul174 auisys[23142]: Unpacking up2date package container
    2022:03:01-01:48:38 tul174 auisys[23142]: Running pre-installation checks
    2022:03:01-01:48:38 tul174 auisys[23142]: Starting up2date package installation
    2022:03:01-01:48:49 tul174 auisys[23142]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="7.214" package="geoip"
    2022:03:01-01:48:49 tul174 auisys[23142]: [INFO-306] New Pattern Up2Dates installed
    2022:03:01-01:48:50 tul174 auisys[23142]: Up2Date Package Installer finished, exiting
    2022:03:01-01:48:50 tul174 auisys[23142]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2022:03:01-02:48:02 tul174 audld[27272]: no HA system or cluster node
    2022:03:01-02:48:02 tul174 audld[27272]: patch up2date possible
    2022:03:01-02:48:02 tul174 audld[27272]: Starting Secured Up2Date Package Downloader
    2022:03:01-02:48:03 tul174 audld[27272]: Secured Up2date Authentication
    2022:03:01-02:48:03 tul174 audld[27272]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    
  • Hello,

    Thank you for the additional info, this seems to be a cosmetic issue rather than the up2date pattern not working, but tomorrow or Friday I should have a better update for the thread.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Exactly, I just happened to see those packages update in the live log. To give credit to someone, I don't know who, on another discussion mentioned they had updates happening, I think the post was 7 or 10 years old. I didn't know it did those updates in there, I thought it was just the geoip database, and the cyren database. No one tells us, we have to figure it out from people doing command line stuff haha. Thanks for checking on it, we in the UTM vs XG community feel a little neglected from time to time. I hope and pray the UTM SG line continues on for a while, the XG just is NOT ready for heavy or serious use, from talking to others that install it and get yelled at. Thank you so much, will monitor this channel.....

  • The problem with the pattern number incrementing has been identified and is being resolved.

    This issue is completely cosmetic and has not had any impact on the continued download and updating of the various pattern sets.

    The pattern number displayed on the WebAdmin screen is usually incremented each time we publish an update to any of the individual up2date pattern sets. It's part of the update, but it is only used for display. The version number of each pattern set is used to check whether any actual updates are required.

    We have identified the cause and corrected it. It was related to some recent changes in the hosting infrastructure for our up2date publishing services.

    You should see the pattern number start to increment again later today.
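
Since the displayed pattern number is display-only and the per-set version numbers drive the actual updates, freshness can be checked from the up2date log itself. The following is an added example, not part of the original posts and not Sophos code: it reads the `id="3701"`, `id="3707"` and `id="371Z"` lines quoted in this thread and reports what was actually installed. The function names, the 7-day threshold and the sample log are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines in the shape of the up2date log quoted in this thread.
SAMPLE_LOG = '''
2022:03:01-01:48:02 tul174 audld[23097]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:03:01-01:48:04 tul174 audld[23097]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="geoip"
2022:03:01-01:48:38 tul174 auisys[23142]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.50223" package="aptp"
2022:03:01-01:48:49 tul174 auisys[23142]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="7.214" package="geoip"
2022:03:01-02:48:03 tul174 audld[27272]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
'''

LINE = re.compile(r'^(\S+) \S+ (\w+)\[(\d+)\]: (.*)$')
KV = re.compile(r'(\w+)="([^"]*)"')

def parse(log):
    """Yield (timestamp, process, pid, key/value fields) for each log line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        except ValueError:
            continue
        yield ts, m.group(2), int(m.group(3)), dict(KV.findall(m.group(4)))

def installed_versions(log):
    """Last successfully installed (version, time) per pattern set (id 371Z)."""
    latest = {}
    for ts, _proc, _pid, kv in parse(log):
        if kv.get("id") == "371Z" and kv.get("status") == "success" and "package" in kv:
            latest[kv["package"]] = (kv.get("package_version"), ts)
    return latest

def idle_runs(log):
    """PIDs of audld runs that authenticated (3701) but synced no fileset (3707)."""
    auth, synced = [], set()
    for _ts, proc, pid, kv in parse(log):
        if proc == "audld" and kv.get("id") == "3701":
            auth.append(pid)
        elif proc == "audld" and kv.get("id") == "3707":
            synced.add(pid)
    return [pid for pid in auth if pid not in synced]

def stale(log, now, max_age_days=7):
    """Pattern sets whose last install in the log is older than max_age_days."""
    limit = timedelta(days=max_age_days)
    return sorted(p for p, (_v, ts) in installed_versions(log).items() if now - ts > limit)
```

A pattern set that never appears in the supplied log window is not reported at all, so feed it enough history to cover every set you care about.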

  • Thank you, for getting this started, and following up, that's how to get things done these days. Some of us noticed the hosting changes and I noticed that also. People like me have learned to shut up. haha

    FYI, It would be a good idea if 1/2 the update servers were to stay on amazonaws, then get another cloud vendor for the other 1/2. AmazonAWS has psychological issues occasionally, then stuff starts working again without ever admitting the error.

    I know you can't run the entire company, but may mention to someone that even amazon.com does NOT USE amazonaws for their own DNS, go check that out. haha. SERIOUSLY. No one listens to me unless they're paying $1500 per hour and they're in serious trouble.

  • Thanks - glad to know they got this identified after our conversation Tuesday afternoon.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes sir, I'm glad you're doing OK. This was a weird one for sure. Thank you for letting me access your brain for a bit.
