
Issues after updating to 9.509-3

I applied the pending updates yesterday and a couple things busted. This is a current UTM 9 machine with a single Comcast residential WAN link through a cable modem. It's been solid for years. The WAN interface is configured for dynamic IPv4 and IPv6 addresses and gateway options checked. IPv6 is enabled; I get a prefix delegation that I use for the primary LAN interface. I have IPv6 prefix advertising set up for the LAN interface using the delegation. I have IPv6 rewrite enabled. I applied the pending updates earlier this week when I was having odd DHCP issues. It's now running 9.509-3.

So, the first issue I had after the update was with HTTPS traffic and the transparent-mode web filter.  I've had the "URL Filtering Only" option selected and it's been working fine before but after the update, it's messing with the certificates now and I don't bother to distribute the CA cert.  I just disabled HTTPS proxying in transparent-mode and moved on.

The next issue has me stumped. The default IPv4 route is gone from Support > Advanced > Routes Table and pings to 8.8.8.8 get a no route error. If I disable the "IPv6 Default GW" option on the Comcast WAN interface, the IPv4 routes return to the Routes Table report. I've IPv6 Default GW disabled for now.

Also, IPv4 DHCP relaying from LAN2 (secondary internal LAN) through the UTM to a DHCP Server on LAN (primary internal LAN) isn't working unless I also disable the DHCPv6 Relay.  That one took a while to figure out. The DHCP packets are never getting through to the server.  If I disable the DHCPv6 Relay, IPv4 DHCP relaying works again. 

Does any of this suggest anything specific I should dig deeper into?  Any suggestions?



This thread was automatically locked due to age.
  • I just realized yesterday that my IPsec site-to-site between my home and our instance in the cloud a day earlier after I upgraded home 9.508-9.509.  I'd already done that in the cloud the first day that it was available and had had no problems.  I watched the live logs as I restarted first one, then the other and the VPN still wouldn't establish.  It looked like the PSK had gotten "broken" in the home UTM, so I restored the backup made the night before - bang! - everything back to normal.  I suggest this maneuver here often, but it's my first hands-on experience with it being successful.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I left IPv6 disabled on the WAN interface for a while hoping whatever happened was just something temporary with Comcast.  Re-enabled it today and things seem to be working.  Odd.