Thread Info
  • Locked Locked
  • Replies 9 replies
  • Subscribers 11 subscribers
  • Views 18627 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9.506-2 released a few days ago as soft release

twister5800

Hi,

 

Anyone tried 9.506?

 

Running with two appliances, but no issues so far..

 

Release notes:


Up2Date 9.506002 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected APs will perform firmware upgrade
Connected REDs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-8651]: [AWS] AWS Permission for "Import Via Amazon Credentials"
Fix [NUTM-7678]: [Access & Identity] Pluto dies with coredump at L2TP connections
Fix [NUTM-8211]: [Access & Identity] SSL VPN connection issue with prefetched AD groups
Fix [NUTM-8756]: [Access & Identity] AUA debug log contains plain text passwords
Fix [NUTM-8889]: [Access & Identity] ESPdump with algorithm GCM does not work
Fix [NUTM-8912]: [Access & Identity] HTML5 VPN: keyboard input not working on Android devices
Fix [NUTM-7670]: [Basesystem] Update to BIND 9.10.6
Fix [NUTM-8427]: [Basesystem] postgres[xxxxx]: [x-x] FATAL: could not create shared memory segment: No space left on device
Fix [NUTM-8769]: [Basesystem] Small models of SG105 / SG115 / SG125 / SG135 take over 5 minutes to accept network connection
Fix [NUTM-9063]: [Configuration Management] Regenerating the Web Proxy CA breaks all SSL VPN clients
Fix [NUTM-8313]: [Email] POP3 Proxy generate core dumps in versions v9.414 and v9.501
Fix [NUTM-8509]: [Email] Remove 3DES and SHA1 from SMIME
Fix [NUTM-8645]: [Email] MIME Type Detection 9.5
Fix [NUTM-9061]: [Email] User cannot open the SMTP Routing tab
Fix [NUTM-8419]: [Logging] "Search Log Files" has different search result in spite of same time frame
Fix [NUTM-8783]: [Logging] SMBv1 still required for remote logging to a smb share
Fix [NUTM-8341]: [Network] Network monitor core dump
Fix [NUTM-8685]: [Network] Some clients display an "Unknown" vendor on the wireless client list
Fix [NUTM-8738]: [Network] Error messages in fallback log about damaged static routes
Fix [NUTM-8838]: [Network] Watchdog consumes constantly 100% CPU
Fix [NUTM-7396]: [RED] UTM RED kernel log shows "seq invalid" messages
Fix [NUTM-6968]: [REST API] Restd: supporting usage of new object right after creation
Fix [NUTM-7981]: [Reporting] WAF-reporter logs irrelevant information
Fix [NUTM-8359]: [Reporting] SMTP log on Mail Manager is empty after upgrading postgres to 64bit
Fix [NUTM-7802]: [Sandboxd] If using a ' character in the email address, postgres is not able to insert this to the TransactionLog (Sandbox)
Fix [NUTM-8715]: [UI Framework] Unable to access "Manage Computers" page
Fix [NUTM-8061]: [WAF] WAF still reporting virus found when AV engine on the UTM is updating
Fix [NUTM-8751]: [WAF] Newly created web server listens on the slave node instead of the master node
Fix [NUTM-8806]: [WAF] Issue with TLS settings for virtual webserver
Fix [NUTM-8861]: [WAF] Leftover of shm files cause a WAF restart loop
Fix [NUTM-5964]: [WebAdmin] Support Access: WebAdmin not properly displayed after login via APU
Fix [NUTM-8512]: [WebAdmin] Can't use string ("0") as a HASH ref while "strict refs" in use at /wfe/asg/modules/asg_ca.pm line 1105
Fix [NUTM-8571]: [WebAdmin] User with only "Report Auditor" rights receives strict refs error after login into WebAdmin
Fix [NUTM-8807]: [WebAdmin] External link to Sophos UTM Knowledge Base is not correct
Fix [NUTM-8871]: [WebAdmin] Year of Single Time Events cannot be later than 2019
Fix [NUTM-7994]: [Web] Customized templates do not allow to accept quota and access site
Fix [NUTM-8037]: [Web] HA: Low disk space alert from slave
Fix [NUTM-8107]: [Web] CONFD.PLX is taking high CPU load
Fix [NUTM-8502]: [Web] HTTP Proxy coredumps with CentralFreeList in v9.413
Fix [NUTM-8687]: [Web] Segfault and coredump from HTTP proxy
Fix [NUTM-8691]: [Web] Certificate error on accessing sites with https scanning enabled
Fix [NUTM-8752]: [Web] NTLM Issue with AD SSO in Transparent Mode
Fix [NUTM-8771]: [Web] Wrong country showing up in Web proxy requests
Fix [NUTM-8826]: [Web] Teamviewer via Standard Mode with AD-SSO not possible since v9.502
Fix [NUTM-8834]: [Web] iOS11 user agent string is not detected as iOS
Fix [NUTM-8849]: [Web] Can't download Traveler_90119_Win.zip with HTTP proxy in Transparent Mode
Fix [NUTM-3129]: [Wireless] SG125w failed to create interface wifi0: -23 (Too many open files in system)
Fix [NUTM-4720]: [Wireless] Issues with 2.4 GHz channel 12 and 13 / inconsistent channel availibility / AWE_DEVICE_CHANNEL_INVALID
Fix [NUTM-8288]: [Wireless] Roaming issues with iPhone7 and RADIUS authentication
Fix [NUTM-8391]: [Wireless] AP55C/AP100X disconnecting from UTM repeatedly

RPM packages contained:
libopenssl1_0_0-1.0.2j-4.1.0.273786758.g4b4a1fb.rb11.i686.rpm
libopenssl1_0_0_httpproxy-1.0.2j-4.1.0.273786758.g4b4a1fb.rb11.i686.rpm
modavscan-9.50-211.g147c834.rb9.i686.rpm
openssl-1.0.2j-4.1.0.273786758.g4b4a1fb.rb11.i686.rpm
perf-tools-3.12.74-0.268741462.g5cd15cc.rb6.i686.rpm
perl-Net-MAC-Vendor-1.18-1.981.g8d7fa55.rb10.noarch.rpm
postgresql-8.4.14-255.ga926ce8.rb6.i686.rpm
postgresql92-9.2.13-113.ga926ce8.rb6.i686.rpm
postgresql92-64-9.2.13-113.ga926ce8.rb6.x86_64.rpm
python-setuptools-0.9.8-3.1.2.19.g214889e.rb3.i686.rpm
red-firmware2-5124-0.274355563.g9ac89dc.rb4.noarch.rpm
red15-firmware-5124-0.274355580.gaba09d7.rb4.noarch.rpm
rubygem-addressable-2.5.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-airbrake-5.7.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-airbrake-ruby-1.7.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-aws-sdk-v1-1.66.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-blankslate-2.1.2.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-builder-3.2.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-celluloid-0.17.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-celluloid-essentials-0.20.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-celluloid-extras-0.20.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-celluloid-fsm-0.20.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-celluloid-pool-0.20.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-celluloid-supervision-0.20.6-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-chef-12.21.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-chef-config-12.21.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-chef-zero-5.3.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-coderay-1.1.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-crack-0.4.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-diff-lcs-1.2.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-docile-1.1.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-docker-api-1.33.6-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-erubis-2.7.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-excon-0.57.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-faraday-0.12.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-ffi-1.9.14-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-ffi-yajl-2.3.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-fuzzyurl-0.9.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-gssapi-1.2.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-gyoku-1.3.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-hashdiff-0.3.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-hashie-3.5.6-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-highline-1.7.8-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-hitimes-1.2.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-htmlentities-4.3.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-httpclient-2.8.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-iniparse-1.4.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-inspec-1.31.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-ipaddress-0.8.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-json-1.8.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-libyajl2-1.2.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-little-plugger-1.1.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-logging-2.1.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-method_source-0.8.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-mini_portile2-2.0.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-mixlib-archive-0.4.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-mixlib-authentication-1.4.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-mixlib-cli-1.7.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-mixlib-config-2.2.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-mixlib-log-1.7.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-mixlib-shellout-2.2.7-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-multi_json-1.12.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-multipart-post-2.0.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-net-scp-1.2.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-net-sftp-2.1.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-net-ssh-4.1.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-net-ssh-gateway-2.0.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-net-ssh-multi-1.2.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-net-telnet-0.1.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-nokogiri-1.6.7.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-nori-2.6.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-ohai-8.24.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-parallel-1.11.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-parslet-1.5.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-pg-0.19.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-pidfile-0.3.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-plist-3.3.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-proxifier-1.0.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-pry-0.10.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-public_suffix-2.0.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rack-2.0.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rainbow-2.2.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-retries-0.0.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rspec-3.5.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rspec-core-3.5.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rspec-expectations-3.5.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rspec-its-1.2.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rspec-mocks-3.5.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rspec-support-3.5.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rspec_junit_formatter-0.2.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rubyntlm-0.6.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-rubyzip-1.2.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-safe_yaml-1.0.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-semverse-2.0.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-sequel-4.43.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-serverspec-2.39.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-sfl-2.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-simplecov-0.12.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-simplecov-html-0.10.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-slop-3.6.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-sophos-iaas-1.0.0-1.0.275408289.g7d6dad4.rb4.i686.rpm
rubygem-specinfra-2.69.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-sslshake-1.2.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-syslog-logger-1.6.8-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-systemu-2.6.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-thor-0.19.4-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-timers-4.1.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-toml-0.1.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-train-0.25.0-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-uuidtools-2.1.5-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-vcr-3.0.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-webmock-2.3.2-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-winrm-2.2.3-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-winrm-fs-1.0.1-0.270828330.g7a4fe5f.rb6.i686.rpm
rubygem-wmi-lite-1.0.0-0.270828330.g7a4fe5f.rb6.i686.rpm
samba-4.6.8-1.g34e51e0.rb8.i686.rpm
tcpdump-4.3.0-6.1.1632.g875917c.rb8.i686.rpm
ep-reporting-9.50-52.geaa2ea3.rb9.i686.rpm
ep-reporting-c-9.50-147.g54ce959.rb4.i686.rpm
ep-reporting-resources-9.50-52.geaa2ea3.rb9.i686.rpm
ep-aua-9.50-65.gf891614.rb3.i686.rpm
ep-branding-ASG-afg-9.50-77.g0e8eab8.rb7.noarch.rpm
ep-branding-ASG-ang-9.50-77.g0e8eab8.rb7.noarch.rpm
ep-branding-ASG-asg-9.50-77.g0e8eab8.rb7.noarch.rpm
ep-branding-ASG-atg-9.50-77.g0e8eab8.rb7.noarch.rpm
ep-branding-ASG-aug-9.50-77.g0e8eab8.rb7.noarch.rpm
ep-confd-9.50-1759.gf1bb52a.i686.rpm
ep-confd-tools-9.50-1718.g72de052.rb16.i686.rpm
ep-cssd-9.50-45.g69441e6.rb5.i686.rpm
ep-ha-aws-9.50-610.g7d6dad4.rb4.noarch.rpm
ep-init-9.50-33.g500c379.rb6.noarch.rpm
ep-ipv6-watchdog-9.50-19.g2878345.rb4.i686.rpm
ep-libs-9.50-26.g22e3aa4.rb7.i686.rpm
ep-localization-afg-9.50-54.gcd881e2.rb2.i686.rpm
ep-localization-ang-9.50-54.gcd881e2.rb2.i686.rpm
ep-localization-asg-9.50-54.gcd881e2.rb2.i686.rpm
ep-localization-atg-9.50-54.gcd881e2.rb2.i686.rpm
ep-localization-aug-9.50-54.gcd881e2.rb2.i686.rpm
ep-logging-9.50-15.g9b17108.rb3.i686.rpm
ep-mdw-9.50-972.gdbc72b7.rb8.i686.rpm
ep-postgresql92-9.50-106.g38cbe8d.rb5.i686.rpm
ep-postgresql92-64-9.50-106.g38cbe8d.rb5.x86_64.rpm
ep-restd-9.50-0.273924782.g7383443.rb8.i686.rpm
ep-sandboxd-9.50-0.266725220.g4e36e6c.rb4.i686.rpm
ep-screenmgr-9.50-3.g07035cc.rb24.i686.rpm
ep-tools-9.50-19.g7ca148e.rb3.i686.rpm
ep-utm-watchdog-9.50-83.g1e551db.rb4.i686.rpm
ep-webadmin-9.50-1318.gc7edf8d.rb8.i686.rpm
ep-webadmin-contentmanager-9.50-78.g21a585a.rb5.i686.rpm
ep-cloud-ec2-9.50-182.g34965ba.rb6.i686.rpm
ep-chroot-smtp-9.50-126.g74cc04b.rb4.i686.rpm
chroot-bind-9.10.6-0.271786106.ged14240.rb6.i686.rpm
chroot-ipsec-9.50-21.gfde6c67.rb5.i686.rpm
chroot-reverseproxy-2.4.10-381.gf46aba5.rb6.i686.rpm
ep-chroot-pop3-9.50-19.g0bf330d.rb5.i686.rpm
ep-httpproxy-9.50-457.gb8589ed.rb3.i686.rpm
kernel-smp-3.12.74-0.268741462.g5cd15cc.rb6.i686.rpm
kernel-smp64-3.12.74-0.268741462.g5cd15cc.rb6.x86_64.rpm
ep-release-9.506-2.noarch.rpm

 

You can find it on the ftp server



This thread was automatically locked due to age.
Parents

  • 9.506-2 seems to be working well for me.

    The upgrade process had some surprises and a learning curve.

    I had frozen at 9.408, so I had 8 patch kits to apply.   I was worried about consuming all system drive space, so I started applying the updates one at a time.   The upgrade step from 9.412 to 9.413 hit a hang condition and left the system in an inconsistent state.   The GUI said I was on 9.413, but the LCD panel said I was on 9.412.   The Up2Date log showed clearly that the process had a problem and intended to roll back.   Called support and they recommended reinstalling from the 9.506-2 CD, then loading the configuration backup, because configuration backups are upward compatible.   

    The system was running pretty well, I did not have a CD drive handy, and I was short on sleep.   So I let it go for a day.   When I resumed, the prospect of wiping a mostly-working system was scary, but everything went the way Support promised that it would.   Rebuilding was pretty quick, probably quicker than incrementally installing each patch.   I loaded the configuration file and I was immediately back to my original configuration.  I was actually quite impressed. 

    • Now I have a clean build that is devoid of any baggage from the last three years, and as a result I have more free space on my root partition.   
    • The rebuild configured the database in 64-bit mode, so there was no database conversion required.   
    • I did lose my log files because I chose not to download them before starting the rebuild.

    On balance, it may have been best to plan on a rebuild instead of an upgrade, or to plan on a rebuild once every few years.

Reply

  • 9.506-2 seems to be working well for me.

    The upgrade process had some surprises and a learning curve.

    I had frozen at 9.408, so I had 8 patch kits to apply.   I was worried about consuming all system drive space, so I started applying the updates one at a time.   The upgrade step from 9.412 to 9.413 hit a hang condition and left the system in an inconsistent state.   The GUI said I was on 9.413, but the LCD panel said I was on 9.412.   The Up2Date log showed clearly that the process had a problem and intended to roll back.   Called support and they recommended reinstalling from the 9.506-2 CD, then loading the configuration backup, because configuration backups are upward compatible.   

    The system was running pretty well, I did not have a CD drive handy, and I was short on sleep.   So I let it go for a day.   When I resumed, the prospect of wiping a mostly-working system was scary, but everything went the way Support promised that it would.   Rebuilding was pretty quick, probably quicker than incrementally installing each patch.   I loaded the configuration file and I was immediately back to my original configuration.  I was actually quite impressed. 

    • Now I have a clean build that is devoid of any baggage from the last three years, and as a result I have more free space on my root partition.   
    • The rebuild configured the database in 64-bit mode, so there was no database conversion required.   
    • I did lose my log files because I chose not to download them before starting the rebuild.

    On balance, it may have been best to plan on a rebuild instead of an upgrade, or to plan on a rebuild once every few years.

Children
  • in reply to DouglasFoster

    Agreed, Doug, if one doesn't have a regulatory requirement to keep logs.

    This has happened twice for me in the last ten years - once each to two different clients.  There is a trick that can be used...

    At the command line, trick WebAdmin into thinking that it's on 9.412:

    echo ' 9.412002'>/etc/version

    Since you're there, download and prepare the 9.412-to-9.413 Up2Date to be applied.  Cut and paste the following block:

    cd /var/up2date/sys
    rm u2d-sys-9.412002-413004.tgz.gpg
    wget ftp.astaro.com/.../u2d-sys-9.412002-413004.tgz.gpg
    /sbin/auisys.plx --showdesc

    Then install in WebAdmin after waiting about 10 minutes.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML