This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9.409-8 and 9.409-9 released

REMEMBER: Be carefull not to install before holidays :-D 


Up2Date 9.409008 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-2392]: [AWS] Allow the user to select the security group to port during conversion
Fix [NUTM-5327]: [AWS] Confd object missing after instance recovery in HA scenario
Fix [NUTM-5339]: [AWS] [RESTD] allow unauthenticated access from localhost
Fix [NUTM-5466]: [AWS] ssh disabled - No connection to stack instances
Fix [NUTM-5882]: [AWS] Logging & Reporting overview does not show any information
Fix [NUTM-5901]: [AWS] [RESTD] Improve webadmin UI and documentation
Fix [NUTM-5981]: [AWS] Conversion feature always converts to BYOL
Fix [NUTM-6013]: [AWS] Fix communication issue with S3
Fix [NUTM-5110]: [Access & Identity] Since version 9.404 L2TP with Android doesn't work
Fix [NUTM-5562]: [Access & Identity] UTM to UTM RED Tunnel doesn't work anymore after only TLS 1.2 is allowed
Fix [NUTM-5674]: [Access & Identity] REDs offline after HA takeover - 'RED is not bound to this system, disabling device'
Fix [NUTM-5840]: [Access & Identity] 3G to WAN failover on RED15/RED50 does not work
Fix [NUTM-5661]: [Basesystem] quagga security update (CVE-2016-1245)
Fix [NUTM-5701]: [Basesystem] named fails to start after invalid host record
Fix [NUTM-5779]: [Basesystem] bind security update (CVE-2016-8864)
Fix [NUTM-5769]: [Confd] Configd error Datatype.pm line 319
Fix [NUTM-5787]: [Confd] Bridge can't be converted back to ethernet if only red interfaces are used
Fix [NUTM-5997]: [Localization] Japanese translation error if using a string longer than 64 bytes as common_name
Fix [NUTM-5533]: [Network] 'Block invalid packets' option doesn't block invalid packets
Fix [NUTM-5595]: [Network] SIP Helper behavior clarification in 'Any' expectation mode
Fix [NUTM-5513]: [Reporting] RRD reporting doesn't show the warnings and alerts of the slave nodes in cluster setups
Fix [NUTM-5655]: [Reporting] Wrong count on websecvisits data
Fix [NUTM-5792]: [WAF] WAF coredump'ed after regular session cleanup
Fix [NUTM-5856]: [WAF] Special characters are encoded when HTML rewrite is enabled
Fix [NUTM-5075]: [WebAdmin] User test is not working with LDAP special characters in Base DN
Fix [NUTM-5317]: [WebAdmin] Persistent cookie for user portal working only once
Fix [NUTM-5761]: [WebAdmin] Translation in Webadmin is not consistent (web protection)
Fix [NUTM-5811]: [WebAdmin] Misleading default QoS interface downlink/uplink values
Fix [NUTM-5888]: [WebAdmin] Since v9.408 Authentication Server test fails after first creation
Fix [NUTM-5963]: [Web] Sandstorm not delivering Emails files from "Scan Pending" state
Fix [NUTM-5303]: [WiFi] Characters in Hotspot terms of use not encoded correctly
Fix [NUTM-5876]: [WiFi] User field is blank on login at Hotspot with voucher
Fix [NUTM-6128]: [WiFi] FollowUp-NUTM-5303 - Characters in Hotspot terms of use not encoded correctly

RPM packages contained:
areca-raidtool-1.14.7_150519-0.245443774.gc41ae38.rb2.i686.rpm
firmwares-bamboo-9400-0.242918586.g2280645.rb4.i586.rpm
perf-tools-3.12.58-0.247006440.g4dc0e52.rb2.i686.rpm
red-firmware2-5037-0.244711945.gedada09.rb1.noarch.rpm
red15-firmware-5037-0.244711847.g1deb403.rb8.noarch.rpm
ep-reporting-9.40-29.g90cc60c.rb3.i686.rpm
ep-reporting-c-9.40-31.g7281c5d.rb6.i686.rpm
ep-reporting-resources-9.40-29.g90cc60c.rb3.i686.rpm
ep-branding-ASG-afg-9.40-49.g606e7f4.rb5.noarch.rpm
ep-branding-ASG-ang-9.40-49.g606e7f4.rb5.noarch.rpm
ep-branding-ASG-asg-9.40-49.g606e7f4.rb5.noarch.rpm
ep-branding-ASG-atg-9.40-49.g606e7f4.rb5.noarch.rpm
ep-branding-ASG-aug-9.40-49.g606e7f4.rb5.noarch.rpm
ep-confd-9.40-884.gca4b5d4.i686.rpm
ep-confd-tools-9.40-844.g4116001.rb9.i686.rpm
ep-ha-aws-9.40-267.ga749d04.rb2.noarch.rpm
ep-hardware-9.40-5.g9c7328b.rb2.i686.rpm
ep-hotspot-web-9.40-2.g995b903.rb2.i686.rpm
ep-libs-9.40-31.gf393e2d.rb4.i686.rpm
ep-localization-afg-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-localization-ang-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-localization-asg-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-localization-atg-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-localization-aug-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-mdw-9.40-526.gf9982d4.i686.rpm
ep-migration-agent-9.40-0.246104121.ge7b057e.rb2.i686.rpm
ep-postgresql92-9.40-43.g1c68931.i686.rpm
ep-raidtools-9.40-3.geda233c.rb3.i686.rpm
ep-red-9.40-16.gd63555f.rb3.i686.rpm
ep-restd-9.40-0.247333273.g9cf7005.i686.rpm
ep-sandboxd-9.40-0.246501690.g02110ce.rb2.i686.rpm
ep-screenmgr-9.40-1.g05ac056.rb19.i686.rpm
ep-up2date-9.40-16.gf6c446d.rb2.i686.rpm
ep-up2date-downloader-9.40-16.gf6c446d.rb2.i686.rpm
ep-up2date-pattern-install-9.40-16.gf6c446d.rb2.i686.rpm
ep-up2date-system-install-9.40-16.gf6c446d.rb2.i686.rpm
ep-webadmin-9.40-738.gabd230e.rb5.i686.rpm
ep-webadmin-contentmanager-9.40-49.g76da84a.rb14.i686.rpm
ep-cloud-ec2-9.40-44.g9e00ba0.rb2.i686.rpm
chroot-bind-9.10.4_P4-1.g18ebdbb.rb5.i686.rpm
chroot-ipsec-9.40-9.gf6f1284.rb6.i686.rpm
chroot-reverseproxy-2.4.10-247.g9afa6f6.rb2.i686.rpm
quagga-chroot-0.99.24-1.g2274434.rb9.i686.rpm
kernel-smp-3.12.58-0.247006440.g4dc0e52.rb2.i686.rpm
kernel-smp64-3.12.58-0.247006440.g4dc0e52.rb2.x86_64.rpm
ep-release-9.409-8.noarch.rpm



This thread was automatically locked due to age.
  • Unknown said:

    Was just teasin you as you seemed to be as well.  No offense taken, 3am, working too late. 

     

    He he I understand completely :-)

    Here is my log, I was at 9.408 already, did you also go from there or did you install two or more updates simultaniously?

     

    2016:12:21-09:46:49 mail auisys[1071]: no HA system or cluster node
    2016:12:21-09:46:49 mail auisys[1071]: waiting for db_verify to return (30 seconds max)
    2016:12:21-09:46:50 mail auisys[1071]: removing '/var/up2date/aptp-install'
    2016:12:21-09:46:50 mail auisys[1071]: removing '/var/up2date/avira-xvdf-install'
    2016:12:21-09:46:50 mail auisys[1071]: removing '/var/up2date/geoip-install'
    2016:12:21-09:46:50 mail auisys[1071]: removing '/var/up2date/ipsbundle-install'
    2016:12:21-09:46:50 mail auisys[1071]: removing '/var/up2date/man9-install'
    2016:12:21-09:46:50 mail auisys[1071]: removing '/var/up2date/ohelp9-install'
    2016:12:21-09:46:50 mail auisys[1071]: removing '/var/up2date/savi-install'
    2016:12:21-09:46:50 mail auisys[1071]: removing '/var/up2date/sys-install'
    2016:12:21-09:46:50 mail auisys[1071]: Starting Up2Date Package Installer
    2016:12:21-09:46:50 mail auisys[1071]: Install u2d packages <sys>
    2016:12:21-09:46:50 mail auisys[1071]: Starting installing up2date packages for type 'sys'
    2016:12:21-09:46:50 mail auisys[1071]: Installing up2date package: /var/up2date/sys/u2d-sys-9.408004-409008.tgz.gpg
    2016:12:21-09:46:51 mail auisys[1071]: Verifying up2date package signature
    2016:12:21-09:46:54 mail auisys[1071]: Unpacking installation instructions
    2016:12:21-09:46:55 mail auisys[1071]: parsing installation instructions
    2016:12:21-09:46:55 mail auisys[1071]: Unpacking up2date package container
    2016:12:21-09:46:57 mail auisys[1071]: Running pre-installation checks
    2016:12:21-09:47:00 mail auisys[1071]: Not installing optional ep-branding-ASG-afg
    2016:12:21-09:47:00 mail auisys[1071]: Not installing optional ep-branding-ASG-ang
    2016:12:21-09:47:00 mail auisys[1071]: Not installing optional ep-branding-ASG-atg
    2016:12:21-09:47:01 mail auisys[1071]: Not installing optional ep-branding-ASG-aug
    2016:12:21-09:47:01 mail auisys[1071]: Not installing optional ep-ha-aws
    2016:12:21-09:47:02 mail auisys[1071]: Not installing optional ep-localization-afg
    2016:12:21-09:47:02 mail auisys[1071]: Not installing optional ep-localization-ang
    2016:12:21-09:47:03 mail auisys[1071]: Not installing optional ep-localization-atg
    2016:12:21-09:47:03 mail auisys[1071]: Not installing optional ep-localization-aug
    2016:12:21-09:47:04 mail auisys[1071]: Not installing optional ep-cloud-ec2
    2016:12:21-09:47:05 mail auisys[1071]: Not installing optional kernel-smp
    2016:12:21-09:47:06 mail auisys[1071]: Creating automatic configuration backup
    2016:12:21-09:47:06 mail auisys[1071]: Starting up2date package installation
    2016:12:21-09:48:00 mail auisys[1071]: New system version: 9.409008
    2016:12:21-09:48:00 mail auisys[1071]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.409008" package="sys"
    2016:12:21-09:48:00 mail auisys[1071]: [INFO-302] New Firmware Up2Date installed
    2016:12:21-09:48:01 mail audld[7077]: no HA system or cluster node
    2016:12:21-09:48:01 mail audld[7077]: Starting Up2Date Package Downloader
    2016:12:21-09:48:02 mail audld[7077]: patch up2date possible
    2016:12:21-09:48:21 mail auisys[1071]: Up2Date Package Installer finished, exiting
    2016:12:21-09:48:21 mail auisys[1071]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2016:12:21-09:48:21 mail auisys[1071]: Initiating reboot
    2016:12:21-09:48:23 mail audld[7077]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2016:12:21-09:58:01 mail audld[10057]: no HA system or cluster node
    2016:12:21-09:58:01 mail audld[10057]: Starting Up2Date Package Downloader
    2016:12:21-09:58:02 mail audld[10057]: patch up2date possible
    2016:12:21-09:58:24 mail audld[10057]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2016:12:21-09:58:25 mail audld[10057]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="aptp"
    2016:12:21-09:58:25 mail auisys[10198]: no HA system or cluster node
    2016:12:21-09:58:25 mail auisys[10198]: waiting for db_verify to return (30 seconds max)
    2016:12:21-09:58:27 mail auisys[10198]: not cleaning /var/up2date/sys-install in --nosys mode
    2016:12:21-09:58:27 mail auisys[10198]: Starting Up2Date Package Installer
    2016:12:21-09:58:27 mail auisys[10198]: No suitable packages of type <man9> found, skipping
    2016:12:21-09:58:27 mail auisys[10198]: No suitable packages of type <ohelp9> found, skipping
    2016:12:21-09:58:27 mail auisys[10198]: No suitable packages of type <avira-xvdf> found, skipping
    2016:12:21-09:58:27 mail auisys[10198]: No suitable packages of type <geoip> found, skipping
    2016:12:21-09:58:27 mail auisys[10198]: No suitable packages of type <ipsbundle> found, skipping
    2016:12:21-09:58:27 mail auisys[10198]: No suitable packages of type <savi> found, skipping
    2016:12:21-09:58:27 mail auisys[10198]: Install u2d packages <aptp>
    2016:12:21-09:58:27 mail auisys[10198]: Starting installing up2date packages for type 'aptp'
    2016:12:21-09:58:27 mail auisys[10198]: Installing up2date package: /var/up2date/aptp/u2d-aptp-9.20108.tgz.gpg
    2016:12:21-09:58:27 mail auisys[10198]: Verifying up2date package signature
    2016:12:21-09:58:27 mail auisys[10198]: Unpacking installation instructions
    2016:12:21-09:58:27 mail auisys[10198]: parsing installation instructions
    2016:12:21-09:58:27 mail auisys[10198]: Unpacking up2date package container
    2016:12:21-09:58:27 mail auisys[10198]: Running pre-installation checks
    2016:12:21-09:58:27 mail auisys[10198]: Starting up2date package installation
    2016:12:21-09:58:39 mail auisys[10198]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.20108" package="aptp"
    2016:12:21-09:58:39 mail auisys[10198]: [INFO-306] New Pattern Up2Dates installed
    2016:12:21-09:58:40 mail auisys[10198]: Up2Date Package Installer finished, exiting
    2016:12:21-09:58:40 mail auisys[10198]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2016:12:21-10:13:01 mail audld[15402]: no HA system or cluster node
    2016:12:21-10:13:01 mail audld[15402]: Starting Up2Date Package Downloader
    2016:12:21-10:13:02 mail audld[15402]: patch up2date possible
    2016:12:21-10:13:10 mail audld[15402]: Could not connect to Authentication Server 79.125.21.244 (code=500 500 Internal Server Error).
    2016:12:21-10:13:13 mail audld[15402]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Hi All,

    There is an issue with the update package for v9.409-8. We are working to fix it asap.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi Sachin,

    Thank you for the update. We also tried running the upgrade on our SG450 Appliances (Hot Standby Mode) and it failed.

    Best regards,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

  • My 4 other home utms did not update either, funny that the first one did ?!

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Hi all,

    sorry for this issue.

     

    The issue occurs on all machines which have been installed with 9.406 or earlier. Newer installations do not see the problem.

    The issue is a replaced RPM (in 9.406) which was unfortunately not removed from the system.

     

    The update packages is removed from the update server to prevent more people running into this issue. 

    We are currently creating a new update package which will remove the RPM first. This new update will replace the broken one (9.408-4 to 9.409-8) on the system automatically. 

    People who successfully updated to 9.409-8 will see an additional update to the new build of 9.409.

     

    /talex

    /talex

    - 21 is only half of the truth

  • A few minutes ago I wanted to schedule the installation of the update:

    Logged into my UTM
    Management - *click*
    Up2Date - *click*
    Install - *click*

    NOOOOOOO!

    I accidently clicked on install instead of schedule. I was thinking about what was going to happen now. The downtime, all Voip-PBX-Calls are getting cut off, the support calls from our users or from our CEO.

    But then... INSTALLATION FAILED!

    YES!

    This error saved my day! [:D]

    Happy Holidays and Merry Christmas! [G]

  • LOL- sarkasm is always good :-D

     

    merry X-mas to you also :-)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Glad it wasn't just me.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Greeting, I've experienced the same issue this morning, as others. 

    Currently running firmware - 

    Firmware version:   9.408-4
     
    Pattern version:   114877

     

    /var/log/up2date.log:2016:12:21-05:41:02 auisys[22348]: id="371O" severity="error" sys="system" sub="up2date" name="Fatal: Up2Date package installation failed: An error occured during the RPM pre-installation test (1)" status="failed" action="install" code="1" package="sys"
    /var/log/up2date.log:2016:12:21-05:41:02 auisys[22348]: [CRIT-311] Firmware Up2Date installation failed