This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.502 Soft-Release

Hi all,

UTM 9.502 has been Soft-Released today and can be found on the FTP server as usual:

  • ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.501005-502004.tgz.gpg
  • ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.501005-502004.tgz.gpg.md5

 

IMPORTANT: The re-join workaround is required after upgrading to 9.502. See: https://community.sophos.com/kb/en-us/126819

 

The changelog:

News

  • Maintenance Release

Remarks

  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Bugfixes

  • NUTM-8127 [AWS] Link to CloudFormation console during cloudupdate is not working
  • NUTM-3213 [Access & Identity] Inconsistent behaviour/state when deleting a user cert
  • NUTM-3283 [Access & Identity] IPSec: VPN ID shall not include blanks
  • NUTM-3294 [Access & Identity] Menu option (keyboard layout) background not rendered properly in IE (version 11.0.9600.17728)
  • NUTM-6972 [Access & Identity] SSLVPN disconnection: backend AD sync
  • NUTM-7897 [Access & Identity] Argos doesn't start in HA setup without IP address
  • NUTM-7940 [Access & Identity] Client Authentication daemon crashes in HA scenario
  • NUTM-7982 [Access & Identity] SSL VPN connection not possible since v9.5 if organisation name contains umlauts
  • NUTM-7996 [Access & Identity] Devices authenticated via SAA are no longer associated with multiple user network objects in UTM 9.5
  • NUTM-8122 [Access & Identity] L2TP connections with separate DHCP server does not work
  • NUTM-8146 [Access & Identity] PPTP fails to connect when Assign IP addresses by is set to DHCP Server
  • NUTM-8147 [Access & Identity] OpenVPN vulnerabilities
  • NUTM-8161 [Access & Identity] OpenVPN vulnerabilities (client part)
  • NUTM-8280 [Access & Identity] High confd load through UMA
  • NUTM-8130 [Basesystem] Linux vulnerability 'The Stack Clash'
  • NUTM-8156 [Basesystem] Apache httpd vulnerability (CVE-2017-3169)
  • NUTM-7235 [Confd] READONLY user can download support package
  • NUTM-7425 [Email] Emailenc causing high load - permanently 100% CPU usage
  • NUTM-7790 [Email] Restrict long regular expression in WebAdmin
  • NUTM-7876 [Email] POP3 Proxy stops working after some time
  • NUTM-7889 [Email] Sandbox scan doesn't work - worker_do_get_file req content parsing error or missing parameters
  • NUTM-6116 [Network] Service_monitor sets wrong IP address for availability group
  • NUTM-7647 [Network] WAN random disconnects
  • NUTM-7735 [Network] ATP doesn't work with "Send anonymous application accuracy telemetry data" disabled.
  • NUTM-7950 [Network] Dhcp client not running - restarted
  • NUTM-8015 [Network] Main interface IP address swapped by additional address for DHCP setup
  • NUTM-7543 [Reporting] Calculate correct malware count for ExecReport
  • NUTM-7609 [Reporting] Websec-reporter is constantly restarting
  • NUTM-7725 [Reporting] High latency while navigating through WebAdmin after trying to display Web Reports
  • NUTM-7878 [WAF] Segfault for HTTP 1.0 requests when cookie rewriting is enabled
  • NUTM-6845 [Web] https://sslvpn.goodix.com does not loads through UTM PROXY
  • NUTM-7467 [Web] Sandstorm communication issues in some configurations
  • NUTM-7697 [Web] httpproxy.ConfdReload - core dump generated during configuration reload
  • NUTM-7895 [Web] Enable SMB2 in Samba
  • NUTM-7939 [Web] Chrome v58 and higher fail verification with HTTPS scanning enabled
  • NUTM-7967 [Web] httpproxy coredump
  • NUTM-7960 [Web] Authentication issue after upgrade to 9.5 (kerberos)
  • NUTM-8110 [Web] Since upgrading to 9.501 authentication stops working every morning
  • NUTM-6950 [WiFi] APs displayed as inactive in WebAdmin while clients connect to SSIDs which are still being broadcasted
  • NUTM-7495 [WiFi] Wireless client IP in Webadmin not updated after changing the SSID
  • NUTM-7962 [WiFi] Split traffic not working for wireless clients on RED15w after upgrade to v9.5

 

[Edit]: Moved Workaround into a KBA.



This thread was automatically locked due to age.
Parents
  • IMPORTANT: The re-join workaround is required after upgrading to 9.502.

    The re-join can be done by following these steps:

    1. In the WebAdmin, browse to Definition & Users > Authentication Services > Single Sign-On.
    2. Type in username with incorrect password in the Active Directory Single-Sign-On (SSO)
    3. Click Apply.
    4. Wait for error message in WebAdmin (Joining the domain failed).
    5. Type in username with correct password in the Active Directory Single-Sign-On (SSO)
    6. Wait for error message in WebAdmin (Active Directory SSO saved successfully).

    /talex

    - 21 is only half of the truth

  • I cant join the domain now after doing this. "Failed to Join Domain" every time. [:(] 

  • I had that problem previously, but disappeared with a reboot, might be worth trying if you haven't already

  • I also tried 2 different admin users, wouldn't work with one, but worked with the other, no idea why!

  • Yup, done that two, unfortunately all fail, restoring a back up now - spent too much time on the UTM over the last few weeks and cant sustain it. 3 months into a 5 year subscription and had nothing but trouble over updates.

  • Based on how Active Directory works:

    After the join failure, ensure that AD knows about the disconnect.   Find the UTM computer object in AD Users and Computers.  Right click and choose "reset account" or just delete the object.   Reset should be sufficient and seems to have fewer issues in a multiple site domain.   But to be sure, do the operation in the site closest to UTM and then trigger immediate replication to other sites before doing tbe correct join.

    Active Directiry will not let you join a machine that it thinks is already joined.

  • Hi Douglas, I did try a reset and also deletion both failed, it was quicker to restore a back up than continue as I was which was basically going round in circles. This however leaves be back on 501 for now but Ill wait until the up2date tells me there's an update ready rather than force it.

    Thanks for responding.

     

    James 

  • DouglasFoster said:

    Based on how Active Directory works:

    After the join failure, ensure that AD knows about the disconnect.   Find the UTM computer object in AD Users and Computers.  Right click and choose "reset account" or just delete the object.   Reset should be sufficient and seems to have fewer issues in a multiple site domain.   But to be sure, do the operation in the site closest to UTM and then trigger immediate replication to other sites before doing tbe correct join.

    Active Directiry will not let you join a machine that it thinks is already joined.

     

     

    This -- I've always had to delete the computer account with AD SSO gets goofed up (even in prior versions).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • DouglasFoster said:

    Based on how Active Directory works:

    After the join failure, ensure that AD knows about the disconnect.   Find the UTM computer object in AD Users and Computers.  Right click and choose "reset account" or just delete the object.   Reset should be sufficient and seems to have fewer issues in a multiple site domain.   But to be sure, do the operation in the site closest to UTM and then trigger immediate replication to other sites before doing tbe correct join.

    Active Directiry will not let you join a machine that it thinks is already joined.

     

     

    This -- I've always had to delete the computer account with AD SSO gets goofed up (even in prior versions).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data