Sophos UTM: After Update to 9.719 IPS not working and Snort not running

Question

After update to version 9.719 IPS not working properly anymore. Every 10 minutes snort not running - restarted messages.

emmosophos · Accepted Answer

Hello Community, 
 If you are being affected by this, please run the following command from root # 
 cc set ips snortsettings disable_normalization 1 
 And confirm the setting has changed to 1 by running the following command 
 cc get ips snortsettings disable_normalization 
 Note: This command will restart snort automatically 
 Additionally, if the issue persists after you entered the commands, please open a case with Support and mention NUTM-14593 
 Regards,

emmosophos · Answer

Hello Community, 
 The following KB has been released. 
 https://support.sophos.com/support/s/article/KB-000045966?language=en_US 
 Regards,

bobbylam · Answer

In 9.719 we enabled normalization for improved IPS detection. However it looks like with some specific traffic, normalization causes snort to crash. We have disabled normalization with the update for now (restoring 9.718 and prior behaviour), while we investigate these crashes.

Vivek Jagad · Answer

Development released a hotfix that resolves this issue on 9 March 2024 at 08:00 UTC.} RESOLVED Advisory: IPS crashing after upgrade to Sophos UTM 9.719

Sophos UTM: After Update to 9.719 IPS not working and Snort not running

Top Replies