This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrade to UTM 9.601-5 firmware doesn't start FW NAT rules on boot


I got information from my UTM that a new firmware 9.601-5 was available. I installed it and after reboot I discover that all my NAT rules where not activated ! I had to go on each one and disable/enable them to get back the working setup :(

I did it with some of them and then reboot the UTM: again rules where not applied. Disable/enable them and evrything is OK.

For some rules I didn't apply the "automatic firewall rules" in GUI but had create myself the FW rules: those NAT rules where activated. But for NAT rules with forwarding ports to other physical hosts but *not the host himself and the VMs running on it where the UTM lies* doesn't matter which setup (manual or automatically), I have to activate "automatic FW rules" and disable/enable the rules to get them working.

No need to say that prior firmware versions didn't had this problem.

Does anyone face the same problem and confirm?


This thread was automatically locked due to age.
  • This does appear to have been fixed in rev 9.701-6 rel 23-Jan-2020  (I believe this is the official issue number : NUTM-10963)

    I have not been offered this via Up2Date on my personal UTM as of this writing;   however I noticed a client's UTM received it today and their NAT came back after applying and rebooting. So I immediately downloaded it from the Sophos FTP and manually applied it - after the reboot all my NAT rules were working!!  No need to STOP/START one NAT rule to get them all working again - hoorah!  

    Now just waiting for all my other clients to be offered this via Up2Date so I can install it globally.


    Only 9 or 10 months for Sophos fix - there must only be a few dozen folks using Sophos UTM with NAT using Auto Firewall Rules, and I was unlucky enough to be one of them :-0


    Cheers all,


  • Good news ! I will check this later on my side because we can't install it for now. I will keep you in touch.



Reply Children
No Data