This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9.406-3 released


Up2Date 9.406003 package description:

Remark:
System will be rebooted

News:
Security Release

Bugfixes:
Fix [NUTM-1616]: [AWS] Change AMI type to HVM
Fix [NUTM-4839]: [AWS] AWS Instances in GovCloud need to use S3 buckets in GovCloud
Fix [NUTM-5013]: [Network] TCP Vulnerability (CVE-2016-5696)

RPM packages contained:
perf-tools-3.12.48-0.237935773.g86aa827.i686.rpm
ep-ha-aws-9.40-191.g83c01f2.rb1.noarch.rpm
ep-webadmin-9.40-640.g7ad4baa.rb8.i686.rpm
ep-cloud-ec2-9.40-26.g00cde1e.rb2.i686.rpm
kernel-smp-3.12.48-0.237935773.g86aa827.i686.rpm
kernel-smp64-3.12.48-0.237935773.g86aa827.x86_64.rpm
ep-release-9.406-3.noarch.rpm



This thread was automatically locked due to age.
  • Installed on 3 UTM's without problem. Two with fixed IP, 1 with dynamic address.


    Managing several Sophos UTMs and a Sophos XG both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • You may be a victim of the change from a few updates ago. Check your MTU for the WAN interface to see if it changed from 1500 to 576.

  • Thanks Ryan,

    That it did.  I switched it back to 1500 to no avail.


    EDIT: I see there is more to it than changing it in the GUI.  I'll wait for an update (unless there is a better solution).  I'm still doing my research on this based on the MTU problem.

  • From what I saw, it involved SSH.

  • RyanDougherty said:

    From what I saw, it involved SSH.

    Yeah.. I tried what was described in https://community.sophos.com/products/unified-threat-management/f/52/t/79288  

    Unfortunately, that didnt help.  My MTU stays at 1500, but the WAN still stays down (even after issuing an ifconfig eth1 down, then ifconfig eth1 up).

    Reboot didnt help either..

    Thanks

  • Since Firmware version:9.406-3 installation i am faceing lot of crash dump and system is coming to halt

    I am on kvm /ubuntu 12.04

    how to post gdb /bt  for confd and cssd ?

    Thanks

  • How can a firmware update on a running AWS AMI change the type?

    • Fix [NUTM-1616]: [AWS] Change AMI type to HVM

    I'm assuming it can't so...

    I ran this release on a test instance and of course no change - still paravirtual.

    I also checked the AWS Marketplace and started a new Current Generation Sophos UTM 9 instance and of course - paravirtual.

  • Just crying in my cereal bowl after updating to this version. VPNs are NON-FUNCTIONAL, randomly spewing errors that pubkey isn't permitted or "sendto on ppp0 to xxx.xxx.xxx.xxx:500 failed in main_outI1. Errno 1: Operation not permitted" suggesting that the firewall is blocking VPN traffic. What a disaster. An absolute disaster.

  • Which version did you come from? Post 9.405? If so, you might be affected by MTU DHCP bug.... Check MTU setting on your external interface.


    Managing several Sophos UTMs and a Sophos XG both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I followed those instructions for a dynamic Comcast line and luckily it worked great.

    I may still reload with the previous release though because I prefer not to hack the OS.

    As a Sophos Partner, it's disappointing indeed but they still make the best security products for our customers.

    This is exactly why we don't update firewalls right away unless a fix is absolutely needed.