This discussion has been locked.

Sophos UTM update 9.411-3 released

Up2Date 9.411003 package description:

Remarks:
System will be rebooted
Configuration will be upgraded

News:
Maintenance Release

Bugfixes:
Fix [NUTM-6804]: [AWS] Update breaks HVM standalone installations
Fix [NUTM-6747]: [Email] SAVI scanner coredumps permanently in MailProxy after update to 9.410
Fix [NUTM-6802]: [Web] New coredumps from httpproxy after update to v9.410

RPM packages contained:
rubygem-sophos-iaas-1.0.0-0.251808053.g8ec3939.i686.rpm
ep-cssd-9.40-28.g1a032c7.rb1.i686.rpm
ep-ha-aws-9.40-376.g8ec3939.noarch.rpm
ep-cloud-ec2-9.40-47.g1d126b2.i686.rpm
ep-httpproxy-9.40-393.g39ad256.rb5.i686.rpm
ep-release-9.411-3.noarch.rpm



  • Hi,

     

    After the disaster with 9.410 the 411 version works now as it should. Have updated now the slave of our HA SG330 configuration, too. Upgrading even the slave to 9.411 was no problem.

    CU

    Thomas

  • I can also confirm that after upgrading from 9.410 to 9.411 our HA SG230 system works as intended, incl. double email scanning and Sandstorm.

    Wolfgang

  • Installed on several installations last night (all were on 9.408), some software, some hardware.

    All has gone well during the first day after the install.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi all,

     

    I just updated 2 days ago our SG310 to 9.411-3 from 9.409-9. 

     

    The box was configured not to allow download of files of more than 100MB to users not listed in the exception, in which I am included. It has been configured for more than a year, but the recent upgrade to 9.411-3 broke that rule.

     

    I can no longer download (direct download from browser) files of more than 100MB, with the following info:

    "The content is blocked due to the following condition:
    The item you have requested is larger than the maximum allowable file size. It will not be downloaded."
     
    I unchecked and rechecked Skip Block by download size, but to no avail.
     
    Is this a bug, or did I just miss something? Remember that I could download files of even 500MB before without a problem.
     
     
  • Hi, Jeanar, and welcome to the UTM Community!

    Please find the line from the Web Filtering log where your access is blocked.  Then post a question in the Web Protection forum that shows that line.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    These were the log lines during the download that was blocked.

     

    2017:03:24-18:14:35 ta-utm-lnx_01p httpproxy[5853]: id="0070" severity="info" sys="SecureWeb" sub="http" 
    name="web request blocked, download exceeds maximum allowable size" action="block" method="GET"
    srcip="10.10.10.119" dstip="149.202.99.44" user="" group="" ad_domain="" statuscode="403" cached="0"
    profile="REF_HttProContaInterNetwo2 (For Internal Network)" filteraction="REF_HttCffBlocksites (BlockSites)"
    size="3063" request="0xbde15000" url="http://ddl8.digiboy.ir/vmware/6.0/update-from-esxi6.0-6.0_update03.zip"
    referer="www.digiboy.ir/.../" error="" authtime="0" dnstime="95"
    cattime="152" avscantime="0" fullreqtime="725130" device="0" auth="0"
    ua="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
    Chrome/56.0.2924.87 Safari/537.36" exceptions="application" category="175" reputation="neutral"
    categoryname="Software/Hardware" reason="size"

    My ip (10.10.10.119) was included in the exception list with skip block download size.

    But to my surprise, I was able to download latest release of pfSense with the following log:

    2017:03:24-18:28:28 ta-utm-lnx_01p httpproxy[5853]: id="0001" severity="info" sys="SecureWeb" sub="http" 
    name="http access" action="pass" method="CONNECT" srcip="10.10.10.119" dstip="139.59.224.27" user="" group=""
    ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (For Internal Network)"
    filteraction="REF_HttCffBlocksites (BlockSites)" size="322982130" request="0xe4806600"
    url="https://sgpfiles.pfsense.org/" referer="" error="" authtime="0" dnstime="2" cattime="106"
    avscantime="0" fullreqtime="819146008" device="0" auth="0" ua="" exceptions="application"
    category="175" reputation="neutral" categoryname="Software/Hardware"

    Can you give me the reason behind this?

    Jeanar
  • In neither case does your IP qualify you for an Exception for size, so I have no idea why the pfsense download was successful.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • After the update to 9.411-3 we noticed that usergroup networks aren't resolved correctly anymore. Specifically, if a user is a member of multiple groups, only about the first 3 groups get the user's IP registered if the user connects through SSL VPN, which breaks most of our firewall rules regarding VPN access.

  • Hi Jeanar.

    First, as per Bob's instructions, I think you should create a new thread at the right session for your issue. Other than that, the only difference I see is that the request that was blocked was HTTP and the one that passed was HTTPS. 

    Please, start a new thread and share some of your configuration so people can help you the right way.

    Regards - Giovani
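
Added example, not part of any post in this thread: a small Python parser that compares the blocked and the passed httpproxy log lines field by field, which is the comparison the replies above make by eye. It assumes the `exceptions` field is a comma-separated list of the checks that were skipped; the function names are illustrative.

```python
import re

# The two httpproxy lines from the thread, joined onto one line each and
# abbreviated to the fields compared below (values copied from the post).
BLOCKED = (
    '2017:03:24-18:14:35 ta-utm-lnx_01p httpproxy[5853]: id="0070" '
    'name="web request blocked, download exceeds maximum allowable size" '
    'action="block" method="GET" srcip="10.10.10.119" statuscode="403" '
    'size="3063" url="http://ddl8.digiboy.ir/vmware/6.0/'
    'update-from-esxi6.0-6.0_update03.zip" exceptions="application" reason="size"'
)
PASSED = (
    '2017:03:24-18:28:28 ta-utm-lnx_01p httpproxy[5853]: id="0001" '
    'name="http access" action="pass" method="CONNECT" srcip="10.10.10.119" '
    'statuscode="200" size="322982130" url="https://sgpfiles.pfsense.org/" '
    'exceptions="application"'
)

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one httpproxy log line as a dict."""
    return dict(FIELD_RE.findall(line))


def summarize(fields):
    """Reduce a parsed line to the facts that matter for a size-block question."""
    # Assumption: exceptions is a comma-separated list of the skipped checks.
    skipped = [e for e in fields.get("exceptions", "").split(",") if e]
    return {
        "action": fields.get("action"),
        "method": fields.get("method"),
        "scheme": fields.get("url", "").split("://", 1)[0],
        "bytes": int(fields.get("size", "0")),
        "size_check_skipped": "size" in skipped,
        "reason": fields.get("reason"),
    }


def differences(a, b):
    """Keys whose summarized values differ between two log lines."""
    sa, sb = summarize(parse_line(a)), summarize(parse_line(b))
    return {k: (sa[k], sb[k]) for k in sa if sa[k] != sb[k]}


if __name__ == "__main__":
    for key, (blocked, passed) in differences(BLOCKED, PASSED).items():
        print(f"{key:20} blocked={blocked!r:10} passed={passed!r}")
```

`size_check_skipped` is false for both lines, so it does not appear in the output; what differs is the method, the scheme, the byte count and the `reason` field. The passed line is a `CONNECT` entry whose `url` holds only the host, so the log does not show the individual file that was requested.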