Advisory: Sophos Endpoint - "Your connection isn't private." We're aware of a certificate issue and are actively working to resolve it. Please see: KB-000045954 for the latest updates.

External Interface (WAN) State=Down Link=Up ----- Corruption/Fix

Hope this info helps someone.

Today was one of those days when "something" crashed the home network... No traffic/UTM stopped responding etc

Restarted the UTM and the Mesh/ONT routers too as it seemed like a good idea.

Unfortunately the once the UTM was up the WAN was State=Down... figured the fibre router had possibly updated/reset to default, possibly a MAC address change etc etc...

Everything was able to see each other, ping's working fine, MAC fine and the routers working fine with a connection/DNS etc and serving websites on a direct connect to the fibre router.

The UTM External WAN Interface was not responding to "Renew" and any minor edits to the object came back with an error.

A search on the forums suggested deleting the External Interface and recreating it... NOT A GOOD IDEA and a last resort. Yes sure if its a new install, but if this is your hard baked system, you will need to reconfigure and recreate any instance of the Interface use following a delete...

Fix: Management > Backup/Restore ... pick the most recent one and all should be good

I would suggest a download of few of the backups in case this doesn't work and need to rebuild



  • UTM's interface management is quite clunky at command line.  Pfsense/Opnsense allow you to configure primary interfaces quickly and easily from console. With utm, you need to use cc to figure out interface naming and perform reassignment.  I've done it before, it's painful!!

    There's an option in the next tab over to have daily/weekly/monthly backups emailed. I have that enabled for weekly (daily seems excessive). Saves the trouble of remembering to grab periodic config backups.

    Be advised, this is just the settings, no log data is contained in these config files.

    About every quarter or so, I'll generate a full system image. This is done easily given utm runs as a vm instance and not bare metal.