
Sophos UTM 9.406-3 released


Up2Date 9.406003 package description:

Remark:
System will be rebooted

News:
Security Release

Bugfixes:
Fix [NUTM-1616]: [AWS] Change AMI type to HVM
Fix [NUTM-4839]: [AWS] AWS Instances in GovCloud need to use S3 buckets in GovCloud
Fix [NUTM-5013]: [Network] TCP Vulnerability (CVE-2016-5696)

RPM packages contained:
perf-tools-3.12.48-0.237935773.g86aa827.i686.rpm
ep-ha-aws-9.40-191.g83c01f2.rb1.noarch.rpm
ep-webadmin-9.40-640.g7ad4baa.rb8.i686.rpm
ep-cloud-ec2-9.40-26.g00cde1e.rb2.i686.rpm
kernel-smp-3.12.48-0.237935773.g86aa827.i686.rpm
kernel-smp64-3.12.48-0.237935773.g86aa827.x86_64.rpm
ep-release-9.406-3.noarch.rpm



This thread was automatically locked due to age.
  • Does not look like the DHCP MTU issue is fixed though?!

    Has anyone heard of it?

    ----

    Best regards Martin ;-)

    Sophos UTM Certified Engineer 9.5
    Sophos  XG  Certified Engineer 17.1
    Homelab: 1 x SG210 XG v18 - 3xAPX530 - 1 x SG210 v9.7 - 1 x UTM 220 v9.7 - 1 x SG135 v9.7 (All Fullguard Plus licenses)

  • Installed on 6 UTMs so far - in private network :-) - Everything seems normal...

    ----

    Best regards Martin ;-)

  • I just tested it and I can confirm it was not fixed.

  • Sad to hear that...

    ----

    Best regards Martin ;-)

  • Really unacceptable from Sophos. Over a month later and still no patch and just one comment that they are working on it? Why couldn't they revert the change in the patch they released?

    As others have said, even though we are home users, the issue has been affecting licensed business users as well and it seems they really don't care.

    Let's not mention the installer still has misnamed RPM packages; it appears they haven't fixed that as well, and that issue has been going on for a LONG time.

    Just poor from a supposed enterprise software company. To me it seems like amateur hour special. 

    Anybody have suggestions for a competitor product? 

  • I am one of those paying business customers and I have to say that I am increasingly disappointed with Sophos' ability to address bugs and the quality control aspect of patching. I now have 4 up2dates waiting to be installed because one is there to fix the previous and introduces a new problem and there still isn't a fix for the MTU issue.

  • twister5800 said:

    > Installed on 6 UTMs so far - in private network :-) - Everything seems normal...

    Unfortunately, nothing normal here. Installed 9.406-3 on a client network and now the 2 BO-VPN connections don't pass any traffic. Totally at a loss as to how to fix it.

    I'm not at all happy this morning.

  • Trane Francks said:

    > Unfortunately, nothing normal here. Installed 9.406-3 on a client network and now the 2 BO-VPN connections don't pass any traffic. Totally at a loss as to how to fix it.
    >
    > I'm not at all happy this morning.

    BO-VPN? - What is that?
    Please post some IPSEC live logs from the device :-)

    ----

    Best regards Martin ;-)

  • twister5800 said:

    > BO-VPN? - What is that?

    "Branch Office VPN". Another way of saying Site-to-Site.

    > Please post some IPSEC live logs from the device :-)

    Not much to see:

    2016:09:15-20:03:55 mnres pluto[5796]: "S_FW-xxx" #17: Peer ID is ID_IPV4_ADDR: 'xxx.xxx.xxx.xxx'
    2016:09:15-20:03:55 mnres pluto[5796]: "S_FW-xxx" #17: we don't have a cert
    2016:09:15-20:03:55 mnres pluto[5796]: "S_FW-xxx" #17: Dead Peer Detection (RFC 3706) enabled
    2016:09:15-20:03:55 mnres pluto[5796]: "S_FW-xxx" #17: sent MR3, ISAKMP SA established
    2016:09:15-20:12:17 mnres pluto[5796]: "S_FW-xxx" #18: responding to Quick Mode
    2016:09:15-20:12:18 mnres pluto[5796]: "S_FW-xxx" #18: IPsec SA established {ESP=>0x1b171b9d <0x79e15ac5 DPD}
    2016:09:15-20:20:33 mnres pluto[5796]: packet from xxx.xxx.xxx.xxx:500: Informational Exchange is for an unknown (expired?) SA
    2016:09:15-20:29:40 mnres pluto[5796]: "S_FW-xxx" #17: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xb77ca9a9) not found (maybe expired)
    2016:09:15-21:00:07 mnres pluto[5796]: "S_FW-xxx" #19: responding to Quick Mode
    2016:09:15-21:00:07 mnres pluto[5796]: "S_FW-xxx" #19: IPsec SA established {ESP=>0x7bb54e65 <0x9164dfce DPD}

  • Since installing this update, my WAN interface (DHCP, plugged into a cable modem) is down. I tried to set a manual address (the last one I had) to no avail.

    Anyone have a solution?

    Thanks