
Sophos UTM 9.510-4 released - let's share experiences!

Released yesterday:

https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-510-released

 

Found out so far, that mailmanager is broken:

Others? :-)



This thread was automatically locked due to age.
  • I had my AP55 at home drop all connections, rebooted it to get devices connected again.  Took a look in the wireless log, and it's full of this:

    2018:07:22-01:19:32 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:32 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:32 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:32 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:32 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:32 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:35 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:35 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:35 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:35 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:35 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:35 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:38 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:38 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:38 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:38 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:38 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:38 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:41 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:41 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:41 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:41 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:41 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:41 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:44 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:44 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:44 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:44 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:44 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:44 firewall awed[4678]: 1 main::updateActiveAweLocalChannels

  • Does the AP55 still work?

  • AP55 is working after reboot.

    Here's something strange.  I modified /etc/hostapd/hostapd.conf-default to get the internal WiFi NIC working in case the AP55 wasn't going to by changing:

    #ht_capab=[<HT_CAPAB>]
    ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
     
    After reboot, I'm not seeing the flood of messages anymore.
  • Hello Marco,

     

    I think it is the TLS renegotiation protection.

    See https://wiki.mozilla.org/Security:Renegotiation

    I have TLS 1.2 activated and it is running.

    br Christian

    Br McWolle

    Sophos Certified Engineer (SCE)
    Sophos Certified Architect (SCA)

  • I removed the internal wifi (LocalWifi0) from the SSID, and the log flood returned, this time a little different:

    2018:07:23-17:01:02 crawl awed[4729]: WARN -------------------------------------------------------
    2018:07:23-17:01:02 crawl awed[4729]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:23-17:01:02 crawl awed[4729]: 1 main::updateActiveAweLocalChannels
    2018:07:23-17:01:02 crawl awed[4729]: WARN -------------------------------------------------------
    2018:07:23-17:01:02 crawl awed[4729]: Use of uninitialized value $phyNumber in string eq at awed_ng.pl line 2526.
    2018:07:23-17:01:02 crawl awed[4729]: 1 main::updateActiveAweLocalChannels
    2018:07:23-17:01:05 crawl awed[4729]: WARN -------------------------------------------------------
    2018:07:23-17:01:05 crawl awed[4729]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:23-17:01:05 crawl awed[4729]: 1 main::updateActiveAweLocalChannels
    2018:07:23-17:01:05 crawl awed[4729]: WARN -------------------------------------------------------
    2018:07:23-17:01:05 crawl awed[4729]: Use of uninitialized value $phyNumber in string eq at awed_ng.pl line 2526.
    2018:07:23-17:01:05 crawl awed[4729]: 1 main::updateActiveAweLocalChannels
  • My name is in the callout verification TLS issue hat as well.  Hopefully a quick 9.510-5+ build with the appropriate fix.

    Anyone opened a ticket on this yet?

  • You can switch the TLS version to 1.2 in the Advanced tab since 9.510. After that, callout verification works.

  • No luck. After switching to TLS 1.2 the same error occurs:

     

    2018-07-30 11:23:13 [46.254.125.74] F=<prvs=074914ada1=sender> R=<rcpt> Verifying recipient address with callout
    2018:07:30-11:23:13 sophos-2 exim-in[50277]: 2018-07-30 11:23:13 TLS error on connection from <mailserver> (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)
     
  • My bad! This is incorrect information.

  • Seeing a ton of these messages every few seconds in the DNS proxy log.

    No idea where to even look to resolve this...?   Don't see these messages in the previous logs, only after updating to 9.510-4.

    UPDATE:

    This flood of messages occurs when DNS forwarding is configured (Network Services/DNS/Forwarders). Doesn't matter what goes in there: Google, Cloudflare, OpenDNS, etc.  All cause these messages to be generated multiple times a minute. Happens regardless of whether "Use forwarders assigned by ISP" is checked or not.

    UPDATE 2:

    Set up a test utm installation. Using ssh to do nslookups directly from the utm.  Every time a dns lookup is initiated (ping, nslookup), the resolver priming query line below is generated in the log if a dns forwarder is configured.  This is reproducible on the main utm too.

    So to keep the flood of these from filling up the dns proxy log, nothing on the dns forwarding screen needs to be configured or checked.

    2018:07:30-18:38:58 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:38:59 utm named[5294]: resolver priming query complete
    2018:07:30-18:38:59 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:39:04 utm named[5294]: resolver priming query complete
    2018:07:30-18:39:10 utm named[5294]: resolver priming query complete
    2018:07:30-18:39:11 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:39:16 utm named[5294]: resolver priming query complete
    2018:07:30-18:39:25 utm named[5294]: resolver priming query complete
    2018:07:30-18:39:48 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:06 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:10 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:16 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:18 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:24 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:24 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:40:30 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:30 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:40:35 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:38 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:41 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:41 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:40:42 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:42 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:40:51 utm named[5294]: resolver priming query complete
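
To put a number on log floods like the ones posted in this thread, the following added example (not part of the original posts, and not Sophos code) counts messages per daemon per minute in the UTM log format shown above, crediting syslog-ng "repeated N times" lines to the message they suppress. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the log format shown in the posts above.
SAMPLE = """\
2018:07:30-18:38:59 utm named[5294]: resolver priming query complete
2018:07:30-18:38:59 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
2018:07:30-18:39:04 utm named[5294]: resolver priming query complete
2018:07:30-18:39:10 utm named[5294]: resolver priming query complete
2018:07:30-18:39:16 utm named[5294]: resolver priming query complete
2018:07:30-18:39:20 utm/utm named: Last message 'resolver priming que' repeated 2 times, suppressed by syslog-ng on utm.local.lan
2018:07:23-17:01:02 crawl awed[4729]: Use of uninitialized value $phyNumber in string eq at awed_ng.pl line 2526.
"""

LINE = re.compile(r"^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) ([\w.-]+)(?:\[\d+\])?: (.*)$")
REPEAT = re.compile(r"^Last message '(.*)' repeated (\d+) times, suppressed by syslog-ng")

def count_per_minute(log_text):
    """Counter keyed by (minute, daemon, message), suppressed repeats included."""
    counts, last_seen = Counter(), {}  # last_seen: daemon -> last full message
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a UTM-style log line
        stamp, _host, daemon, msg = m.groups()
        minute = datetime.strptime(stamp, "%Y:%m:%d-%H:%M:%S").strftime("%Y-%m-%d %H:%M")
        rep = REPEAT.match(msg)
        if rep:
            # syslog-ng quotes a truncated prefix; credit the repeats to the
            # daemon's last full message when that prefix matches it.
            prefix, n = rep.group(1), int(rep.group(2))
            full = last_seen.get(daemon, "")
            counts[(minute, daemon, full if full.startswith(prefix) else prefix)] += n
        else:
            last_seen[daemon] = msg
            counts[(minute, daemon, msg)] += 1
    return counts

def floods(log_text, per_minute_threshold=3):
    """Map (daemon, message) -> (peak count, minute) for messages at or over the threshold."""
    peak = {}
    for (minute, daemon, msg), n in count_per_minute(log_text).items():
        if n >= per_minute_threshold and n > peak.get((daemon, msg), (0, ""))[0]:
            peak[(daemon, msg)] = (n, minute)
    return peak

if __name__ == "__main__":
    for (daemon, msg), (n, minute) in floods(SAMPLE).items():
        print(f"{daemon}: {n}/min at {minute}: {msg}")
```

Running the same function over a log from before and after an Up2Date shows whether a message only started appearing, or only started flooding, with the new version.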