We’ve recently published UTM 9.003 as a two part Up2Date labelled 9.003-15 and 9.003-16. You can see more about this two-part package by reading on for the full details inside. Before that however, a small update that we plan to begin the ASG V8 to UTM V9 one-touch appliance upgrade process on Oct-22nd for the 220/320 appliances. Following a smooth roll out, the next week we will enable the rest of the appliance line, followed by HA/Cluster systems near the middle of November.

Now for 9.003 – the reason for this Up2Date is to allow for more Wireless Access Points, some improvements for our Webserver Protection, and support for the hotly-anticipated RED 50 appliance (featuring increased throughput and an innovative dual Internet connection balancer)which is in Beta and will be available soon! Read on for the full details, manual Up2Date information, and links for new ISO images. Enjoy!

Sophos Author In the effort to continuously improve the accuracy of our Application classifications, the following characteristic and risk changes are planned for April 13th, 2021. Users who have configured existing characteristics and/or risk-based application f. Hi, I know that this is impossible. But actually I can't connect a monitor to my Astaro. I think that it should be a great idea to allow beta tester to upgrade from the current version to the beta using something like a command line (for example dist-upgrade). There are two update packages available: One for customers, who are still on UTM 9.702 (u2d-sys-9.703.tgz.gpg) and One for customers, who have already updated to 9.703-2 (u2d-sys-9.703.tgz.gpg). Both update will be available via our Up2Date server later. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers. Update: We replaced the update from 9.509 to 9.510 on our FTP server to address two issues. We also uploaded the update for all who have installed the previous one. Up2Date Information 9.509 - 9.510 News.

The reason for the two-part numbering of 9.003 this time is that there was a small difference between our soft-released version (made available early via the User Forums) and the GA release. UTM 9 added the ability for us to issue incremental version Up2Date packages, and we will now work on how to bundle/hide versions of the same release yet with a different build from your systems. The end result we desire is that if you have 9.002, you would see only 9.003-16 to install. More to come on that in the future.

For today, to quote an agent of our system: “Grab 222 of your closest friends and have an access point party”, as we have increased the number of AP’s which can be connected to UTM from 100 to 223 to aid in larger deployments of our amazing wireless offering. The RED50 has begun a limited Beta period, and we’ll look to have that appliance available in our markets very soon. We are confident you will be impressed with the throughput over the smaller RED10 and the new dual-WAN balancer which provides full bandwidth across both connections, even for a single download. It offers much more than an inferior session-based round-robin approach. We also have new ISO images available. Here are the download details:

Sophos UTM 9.003-15/16 Up2Date Information

News:

• Wifi: Removed general limit of 8 SSIDs per AP (now device dependent)
• Wifi: Increased maximum number of AP’s from 100 to 223
• WAF: Now adds a X-Forwaded-Proto header in server requests
• RED: Added support for RED50 devices to support beta program

Remarks:

Sophos Up2date

• System will be rebooted
• Configuration will be upgraded
• Wifi Reporting will be reset

Bugfixes:

• [21948] Cable Modem: every renew of IP address adds a new IP address to the DHCP interface (v9)
• [22260] WebApplication firewall reporting does not work in timezones behind UT

Up2Date Downloads:

Version 9.003-15

Link: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.003015.tgz.gpg

Size: ~91MB

MD5: a04bf1c361ef79dbc514b8f4fe5fe168

Version 9.003-16

Link: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.003016.tgz.gpg

Size: ~1MB

MD5: 3a28dd58bac91627cb8c7d3804f59387

UTM 9.003 ISO Images*

Software Appliances (for your own hardware or virtual platform)

Link: ftp.astaro.com/UTM/v9/software_appliance/iso/asg-9.003-16.1.iso

MD5: 7d2fb7eaa11dcfe87356a187b0aecf72

Size: ~480 MB

Hardware Appliances (for offically branded appliance models)

Link: ftp.astaro.com/UTM/v9/hardware_appliance/iso/ssi-9.003-16.1.iso

MD5: 156a6d02690b33db1a19d01ad9de11c6

Size: ~470 MB

*Our FTP server for UTM 9 also has links for the Smart installer V1 and V2 tools.

Up2Date Installation:Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version. There are two ways to apply an already-downloaded Up2Date package to the system:

1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Sophos UTM Up2Date FTP Mirrors:

Feedback

• If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you). e.g. “[9.003] Adding more wireless access points”.
• If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
• You are free to use our demo server environment without hassle, nags, or registration. Enjoy.

-Angelo Comazzetto, Sophos

Important Notes

The initial UTM 9.703 release was pulled back. More information and RCA can be found in the KBA at: https://community.sophos.com/kb/en-us/135383.

The code change for “NUTM-11173 [Basesystem] IPsec doesn’t re-connect on DHCP interface after firmware upgrade” is reverted and a new version of UTM 9.703 is available at their download server.

There are two update packages available:

• One for users, who are still on UTM 9.702 (u2d-sys-9.702001-703003.tgz.gpg) and
• One for users, who have already updated to 9.703-2 (u2d-sys-9.703002-703003.tgz.gpg).

Sophos Up2date Not Working

Both update will be available via their Up2Date server later.

Up2Date Information

News

Sophos Up2date Download

• Maintenance Release

Remarks

• System will be rebooted
• Configuration will be upgraded
• Connected REDs will perform firmware upgrade
• Connected Wifi APs will perform firmware upgrade

Issues Resolved

Sophos Up2date Failed

• NUTM-9381 [Access & Identity] WebAdmin user getting an error while browsing ‘Sophos Transparent Authentication Status’ tab
• NUTM-11258 [Access & Identity] [SAA] Wrong version of SAA displayed in Windows with MSI installer
• NUTM-11578 [Access & Identity] Patch strongSwan (CVE-2019-10155)
• NUTM-11589 [Access & Identity] [SAA] Add TLS 1.2 support for Windows client
• NUTM-11590 [Access & Identity] [SAA] Add TLS 1.2 support for macOS client
• NUTM-11675 [Access & Identity] Patch PPTP and L2TP pppd (CVE-2020-8597)
• NUTM-11109 [Basesystem] Status lights blinking green constantly on SG 1xx and XG 1xx series
• NUTM-11255 [Basesystem] Fix “Internet IPv6” binding in case of multiple IPv6 uplinks
• NUTM-11417 [Basesystem] SG115rev3 HA eth3 interface flapping after update to 9.7
• NUTM-11645 [Basesystem] Patch libxml2 (CVE-2019-19956, CVE-2020-7595)
• NUTM-11561 [Configuration Management] Unable to load certificate list in WebAdmin when large number of certificates present
• NUTM-10803 [Email] S/MIME signed mails have an invalid signature if 3rd party CA is used
• NUTM-11240 [Email] Recipient verification fails due to incomplete LDAP search query
• NUTM-11662 [Email] Bad request for release mails out of the quarantine report after update to 9.7 MR1
• NUTM-11485 [Kernel] Patch Linux Kernel (CVE-2019-18198)
• NUTM-11288 [Localization] AWS Current Stack link is incorrect
• NUTM-11081 [Network] Up-link balancing not clearing conntracks when interface goes down
• NUTM-11218 [Network] ulogd restarting/core-dumps
• NUTM-11614 [Network] Increase GARP buffer
• NUTM-11676 [Network] Patch pppd (CVE-2020-8597)
• NUTM-11573 [RED] RED interface doesn’t obtain IP after UTM reboot
• NUTM-11467 [RED_Firmware] RED15w WPA/WPA2 enterprise cannot connect
• NUTM-11822 [RED_Firmware] RED15 firmware update might fail if flash has bad blocks
• NUTM-11378 [Reporting] Top5 Malware won’t be displayed in Executive Reports if those are sent as PDF
• NUTM-11220 [Sandstorm] When opening Sandstorm activity which contains Korean characters for example, you get this error “cannot decode string with wide characters at encode.pm line 174”
• NUTM-10202 [UI Framework] [SAA] Live user table doesn’t scale with very long names
• NUTM-11084 [UI Framework] Webadmin Information popup not visible
• NUTM-11191 [UI Framework] Can’t download certificate in WebAdmin when name contains apostrophe
• NUTM-11584 [UI Framework] Replace FTP Up2date download link in WebAdmin with HTTPs
• NUTM-11598 [UI Framework] Internal Server Error alert thrown with initial Webadmin request after installation
• NUTM-11725 [UI Framework] Update prototype
• NUTM-11130 [Web] Add configuration for savi_scan_timeout
• NUTM-11346 [Web] Warn page proceed fails due to missing parameters
• NUTM-10269 [Wireless] SSID stops broadcasting
• NUTM-11581 [Wireless] User with “Wireless Protection Manager” rights is unable to change wireless settings if mesh is configured

Related Posts