Sophos UTM Update v9.6 released
Sophos has released UTM version 9.600. Below we have listed all the new features that made it into version 9.6.
Let’s Encrypt integration
An integration of Let’s Encrypt on the UTM was desired by many. With version 9.6 the long wait seems to be over. The certificate can be created via the WAF and is automatically renewed.
Tip: If you have set up a DNAT for HTTP, you have to disable it on the interface where Let’s Encrypt was configured. Country blocking can also interfere, so an exception should be created.
ATP: New Advanced Threat Protection Library
Advanced Threat Protection has received a new library and now offers even more protection and better performance.
RED: Unified RED Firmware
The RED 15 and RED 50 receive new firmware that includes current drivers for 3G/4G USB sticks, which should improve support for such sticks.
Sandstorm: Manual File Submission and Reports
An administrator will now be able to manually upload a file for execution in Sophos Sandstorm. This means that even files that were not received by email or web download can now be analyzed with Sophos Sandstorm. Sandstorm’s reporting has also been improved to provide more detailed data over time.
SMTP Proxy: Enhancements
The SMTP Proxy gets support for the “Submission Port” and a configurable “Listen Address”.
WAF: Error Page Customization
All error pages provided by the WAF can now be customized with custom designs. It is now also possible to provide your own corporate identity on all pages.
Sobering news regarding IKEv2
IKEv2 has often been requested by the community. According to Sophos, it was no longer possible to integrate IKEv2 into UTM 9.6. Seriously, don’t expect IKEv2 to come to UTM! If we look at the XG roadmap, it is extremely full and is clearly the main focus. The UTM roadmap, on the other hand, is practically empty.
If you absolutely need IKEv2, we would recommend that you switch to the new operating system SFOS as soon as possible. If you have an SG appliance, you won’t even have to pay for the change, and the remaining license period will be carried over. If you need help with the migration, we will be happy to help you. As of today (23.11.2018) we haven’t installed a UTM for one and a half years, only XGs. We have only needed our UTM know-how during the various migrations to SFOS.
Note: During the update, the UTM system is restarted and the configuration is updated. A firmware update is also carried out on the connected REDs and access points.
Important: After the update to UTM 9.6, the old HTML template for the content warning in the HTTP proxy no longer works correctly. Please download the updated templates, adapt them to your needs and upload them to the UTM again. For more information, see the following post: KBA133167 - Sophos UTM: Changes to customized web templates in 9.6.
- NUTM-10128 [Access & Identity] MDW waits hours for lock on shared cache with AUA
- NUTM-10130 [Access & Identity] Unable to connect RDP type bookmark with NLA
- NUTM-7418 [Access & Identity] SAA - Rename Client Auth CA
- NUTM-9368 [Access & Identity] SSL VPN: optional user auth not working
- NUTM-9525 [Access & Identity] Disk filling up with argos error messages in endpoint.log
- NUTM-9843 [Access & Identity] HTML5 VPN portal connections periodically stop working until service is restarted
- NUTM-10080 [Basesystem] Update to latest Avira SAVAPI version
- NUTM-10366 [Basesystem] Missing IP address in IPset of user network for STAS
- NUTM-9783 [Basesystem] IPsec routing issue if gateway interface has additional addresses
- NUTM-9810 [Basesystem] IPset Object takes 30 seconds to update after SSL VPN connection was established
- NUTM-9860 [Basesystem] Selfmon trying to start DHCP even when not in use
- NUTM-10226 [Email] Can’t release POP3 messages due to URL in User Portal
- NUTM-9681 [Email] cssd coredumps and root partition is filling up
- NUTM-9716 [Email] S/MIME encryption - automatic certificate extraction causing high load / no webadmin access
- NUTM-9733 [Email] Change default encryption algorithm to ‘smime’
- NUTM-9853 [Email] Fix policy traversal (for gpg, smime, unscanable)
- NUTM-9882 [Email] Umlauts in mail addresses get corrupted if SPX encryption is used
- NUTM-10181 [Network] Remove DNSdynamic from available dynamic DNS providers
- NUTM-10307 [Network] ATP exception still working after deletion
- NUTM-10337 [Network] High CPU load by AFCd when hotspot is enabled
- NUTM-10414 [Network] Segfault in oculusd
- NUTM-2791 [Network] Fix detection of sub applications in Application Control
- NUTM-4767 [Network] SSH for single host skipping AFC check
- NUTM-9462 [Network] Update to BIND 9.11 ESV
- NUTM-10197 [RED] All REDs disconnect intermittently
- NUTM-10227 [RED] Offline provisioning does not work
- NUTM-10303 [RED] Unified FW: split networks does not work
- NUTM-10384 [RED] Update hostapd for Unified-FW
- NUTM-9026 [RED] TP-LINK MA260 dongle on RED doesn’t work anymore after update to v9.5
- NUTM-9795 [RED] RED50 issue with large packets in Transparent/Split mode
- NUTM-10060 [Reporting] ATP alerts / events not deleted after three days
- NUTM-10201 [Reporting] Unable to download S/MIME internal user certificate
- NUTM-10352 [Sandstorm] Sandstorm Activity Report table and graph do not show same data
- NUTM-10367 [Sandstorm] Sandstorm Activity Graph does not include email cached results
- NUTM-2644 [UI Framework] Webadmin prefetching list box not displaying any users, if one user contains a single tick
- NUTM-10066 [WAF] Existing certificate chain overrides after new certificate chain has been added
- NUTM-10185 [WAF] Using printenv SSI directive in custom theme causes segfault
- NUTM-10315 [WAF] Let’s Encrypt can’t be enabled after upgrade from 9.5 (/etc/ssl/certs not accessible)
- NUTM-10316 [WAF] Let’s Encrypt certificates allow wildcards in domain name list
- NUTM-10332 [WAF] Let’s Encrypt not working over IPv6
- NUTM-9809 [WAF] Potential memory allocation failure for “Rewrite HTML” + location with special characters
- NUTM-10188 [WebAdmin] [OTP] QR code not visible for the first user login
- NUTM-10214 [WebAdmin] Breach Vulnerability in WebAdmin (CVE-2013-3587)
- NUTM-6945 [WebAdmin] Popup too small for secret when deleting SHA512 OTP token
- NUTM-7381 [WebAdmin] Login to UserPortal only works at second try when using RADIUS authentication
- NUTM-9424 [WebAdmin] Webadmin session interrupted with pop-up “Backend connection failed”
- NUTM-10200 [Web] Segfault in libc-2.11.3.so
- NUTM-10284 [Web] HTTP Proxy crash with coredumps
- NUTM-9676 [Web] HTTP Proxy out-of-memory segfault / HTTP Proxy stops working with “Avira engine not available”
- NUTM-9854 [Web] Warning page bypass using crafted URLs
- NUTM-9873 [Web] File blocked due to MIME type detection even if there is an exception
- NUTM-9956 [Web] HTTP Proxy coredumps in geoip scanner
- NUTM-10365 [Wireless] RED15w: SSID isn’t broadcasted when “Enterprise Authentication” is in use