This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrade to UTM 9.601-5 firmware doesn't start FW NAT rules on boot

Hi,

I got information from my UTM that a new firmware 9.601-5 was available. I installed it and after reboot I discover that all my NAT rules where not activated ! I had to go on each one and disable/enable them to get back the working setup :(

I did it with some of them and then reboot the UTM: again rules where not applied. Disable/enable them and evrything is OK.

For some rules I didn't apply the "automatic firewall rules" in GUI but had create myself the FW rules: those NAT rules where activated. But for NAT rules with forwarding ports to other physical hosts but *not the host himself and the VMs running on it where the UTM lies* doesn't matter which setup (manual or automatically), I have to activate "automatic FW rules" and disable/enable the rules to get them working.

No need to say that prior firmware versions didn't had this problem.

Does anyone face the same problem and confirm?

Daniel



This thread was automatically locked due to age.
Parents
  • HI Everyone

     

    So glad to see this issue confirmed here - I am NOT going mad after all.  We've had some really big problems with this ; causing us embarrasment and our client's outages

    I can confirm the same activity on a few dozen of my UTMS - I am not sure what UTM firmware version this started with but I've seen it for a month or two at least. After a UTM reboot I need to DISable / ENable the NAT rules to get inbound NAT traffic started again. Not always ALL NAT rules it seems, can be just one rule out of dozens - I am now so scared to update firmware or reboot it's silly,  as I need to try every NAT rule after a reboot and I have so many UTMs to do this on. 

     

    Last post on this thread was Jun 7th - any updates from anyone yet?

     

    Thanks

    Grant AU

  • Hi Grant - welcome to the UTM Community!

    You might want to use the trick I outlined in April when this phenomenon first appeared.  If the issue only occurs at reboot, use "@reboot" instead of "0 4 * * *" in the cron jobs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • From experience I can say this is still happening.  Firewalls I manage on 9.603-1 are coming up with non-functional NAT FW rules.  This is occurring both during reboots and cold boots across different hardware platforms (SG105, SG135, SG210) as well as my personal home software installation.

  • JasonG said:

    Did this happen to get fixed in 9.603-1, or are users still seeing this behavior on that firmware?

     

     

    That's still not fixed with this version.

     

    As told few weeks ago, people from Sophos France are studing the case (I gave them access on 2 UTM software having the problem) but that still not find out where the problem lies.

     

    Daniel

  • Daniel Huhardeaux said:
     

    That's still not fixed with this version.

    As told few weeks ago, people from Sophos France are studing the case (I gave them access on 2 UTM software having the problem) but that still not find out where the problem lies.

    Daniel

    Bummer, thanks for the confirmation Daniel and J_Money.

  • Still no update for this issue?

    I'm still on firmware 9.602-3 and will update my appliance soon to 9.604-2 but I doubt that it resolves the problem as far as I read.

    When will it be fixed?

    This is a really annoying bug...

  • Firmware version: 9.604-2

    Same issue affecting me, is there any update on this? Please let me know.

    Thanks you

  • Hi,

    just installed 9.605-1 and problems disappears.

    Daniel

  • I've also been having this issue for a while (i think it started 9.601, might be earlier, but i'm not sure), assuming it would be fixed in a subsequent update.

    We're now several updates further, and so far 9.605-1 did *not* fix it for me either.

    It's starting to seem kind of silly that after every reboot i have to disable and enable one of my DNAT rules before they all start working...

  • Hoi M1tch and welcome to the UTM Community!

    Have you tried the trick I suggested earlier in this thread to add a cron job @reboot that disables/enables a DNAT rule?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have now, it does seem to work!

    This bug might confuse a lot of people, and actually break things meanwhile. It seems silly something like this can drag on for a couple of updates...

  • Checking in to confirm that the problem still exists for me as well in 9.605-1

Reply Children
No Data