Sophos UTM update v9.6 released

Sophos has released UTM version 9.600. We have listed all the new features that have made it into version 9.6:

Let’s Encrypt Integration

Many have wished for an integration of Let’s Encrypt on the UTM. With version 9.6, the long wait now seems to be over. The certificate can be created via the WAF and is renewed automatically.

Tip: If you have set up a DNAT for HTTP, you must disable it on the interface where Let’s Encrypt has been configured. Country blocking can also interfere here, so an exception should be created.

ATP: New Advanced Threat Protection Library

Advanced Threat Protection has received a new library and now offers even more protection and better performance.

RED: New RED Firmware

The RED 15 and RED 50 will get a new firmware that will include up-to-date drivers for 3G/4G USB sticks. This should improve the support of such 3G/4G sticks.

Sandstorm: Manual data transfer and reports

In the future, an administrator will be given the option to manually upload a file to Sophos Sandstorm for execution. So now even files that were not received via email or web download can be analyzed with Sophos Sandstorm. Also, reporting in Sandstorm has been improved to provide more detailed data over a period of time.

SMTP Proxy: Improvements

The SMTP proxy gains support for the “Submission Port” and a configurable “Listen Address”.

WAF: Custom Error Page

All error pages delivered by WAF can now be customized with custom themes. It is now also possible to provide your own corporate identity on all pages.

Disillusionment regarding IKEv2

IKEv2 has been requested very often by the community. According to Sophos, it was no longer possible to integrate IKEv2 into UTM 9.6. Seriously, don’t count on IKEv2 for the UTM anymore! If we look at XG’s roadmap, it is extremely full, and this is clearly where the main focus is. The UTM roadmap, on the other hand, is practically empty in comparison.

If you absolutely need IKEv2, we recommend that you switch to the new SFOS operating system as soon as possible. If you have an SG appliance, the switch does not even cost anything and the license term is carried over. If you need assistance with the migration, we will be happy to help. As of today (11/23/2018), we have not installed a UTM for 1.5 years, only XGs. We only had to call on our UTM know-how during the several migrations to SFOS.

Note: During the update, the UTM system is rebooted and the configuration is updated. Keep in mind that a firmware update will also be performed on the connected REDs and Access Points.

Important: After updating to UTM 9.6, the old HTML template for the content warning in the HTTP proxy no longer works correctly. Please download the updated templates, adapt them to your needs and upload them again to the UTM. For more information, please see the following post: KBA133167 – Sophos UTM: Changes to customized web templates in 9.6.

Bug fixes

  • NUTM-10128 [Access & Identity] MDW waits hours for lock on shared cache with AUA
  • NUTM-10130 [Access & Identity] Unable to connect RDP type bookmark with NLA
  • NUTM-7418 [Access & Identity] SAA – Rename Client Auth CA
  • NUTM-9368 [Access & Identity] SSL VPN: optional user auth not working
  • NUTM-9525 [Access & Identity] Disk filling up with argos error messages in endpoint.log
  • NUTM-9843 [Access & Identity] HTML5 VPN portal connections periodically stop working until service is restarted
  • NUTM-10080 [Basesystem] Update to latest Avira SAVAPI version
  • NUTM-10366 [Basesystem] Missing IP address in IPset of user network for STAS
  • NUTM-9783 [Basesystem] IPsec routing issue if gateway interface has additional addresses
  • NUTM-9810 [Basesystem] IPset Object takes 30 seconds to update after SSL VPN connection was established
  • NUTM-9860 [Basesystem] Selfmon trying to start DHCP even when not in use
  • NUTM-10226 [Email] Can’t release POP3 messages due to URL in User Portal
  • NUTM-9681 [Email] cssd coredumps and root partition is filling up
  • NUTM-9716 [Email] S/MIME encryption – automatic certificate extraction causing high load / no webadmin access
  • NUTM-9733 [Email] Change default encryption algorithm to ‘smime’.
  • NUTM-9853 [Email] Fix policy traversal (for gpg, smime, unscanable)
  • NUTM-9882 [Email] Umlauts in mail addresses get corrupted if SPX encryption is used
  • NUTM-10181 [Network] Remove DNSdynamic from available dynamic DNS providers
  • NUTM-10307 [Network] ATP exception still working after deletion
  • NUTM-10337 [Network] High CPU load by AFCd when hotspot is enabled
  • NUTM-10414 [Network] Segfault in oculusd
  • NUTM-2791 [Network] Fix detection of sub applications in Application Control
  • NUTM-4767 [Network] SSH for single host skipping AFC check
  • NUTM-9462 [Network] Update to BIND 9.11 ESV
  • NUTM-10197 [RED] All REDs disconnect intermittently
  • NUTM-10227 [RED] Offline provisioning does not work
  • NUTM-10303 [RED] Unified FW: split networks does not work
  • NUTM-10384 [RED] Update hostapd for Unified-FW
  • NUTM-9026 [RED] TP-LINK MA260 dongle on RED doesn’t work anymore after update to v9.5
  • NUTM-9795 [RED] RED50 issue with large packets in Transparent/Split mode
  • NUTM-10060 [Reporting] ATP alerts / events not deleted after three days
  • NUTM-10201 [Reporting] Unable to download S/MIME internal user certificate
  • NUTM-10352 [Sandstorm] Sandstorm Activity Report table and graph do not show same data
  • NUTM-10367 [Sandstorm] Sandstorm Activity Graph does not include email cached results
  • NUTM-2644 [UI Framework] Webadmin prefetching list box not displaying any users, if one user contains a single tick
  • NUTM-10066 [WAF] Existing certificate chain overrides after new certificate chain has been added
  • NUTM-10185 [WAF] Using printenv SSI directive in custom theme causes segfault
  • NUTM-10315 [WAF] Let’s Encrypt can’t be enabled after upgrade from 9.5 (/etc/ssl/certs not accessible)
  • NUTM-10316 [WAF] Let’s Encrypt certificates allow wildcards in domain name list
  • NUTM-10332 [WAF] Let’s Encrypt not working over IPv6
  • NUTM-9809 [WAF] Potential memory allocation failure for “Rewrite HTML” + location with special characters
  • NUTM-10188 [WebAdmin] [OTP] QR code not visible for the first user login
  • NUTM-10214 [WebAdmin] Breach Vulnerability in WebAdmin (CVE-2013-3587)
  • NUTM-6945 [WebAdmin] Popup too small for secret when deleting SHA512 OTP token
  • NUTM-7381 [WebAdmin] Login to UserPortal only works at second try when using RADIUS authentication
  • NUTM-9424 [WebAdmin] Webadmin session interrupted with pop-up “Backend connection failed”.
  • NUTM-10200 [Web] Segfault in
  • NUTM-10284 [Web] HTTP Proxy crash with coredumps
  • NUTM-9676 [Web] HTTP Proxy out-of-memory segfault / HTTP Proxy stops working with “Avira engine not available”.
  • NUTM-9854 [Web] Warning page bypass using crafted URLs
  • NUTM-9873 [Web] File blocked due to MIME type detection even if there is an exception
  • NUTM-9956 [Web] HTTP proxy coredumps in geoip scanner
  • NUTM-10365 [Wireless] RED15w: SSID isn’t broadcast when “Enterprise Authentication” is in use

Patrizio is an experienced network specialist with a focus on Sophos firewalls, switches and access points. He supports customers or their IT department in the configuration and migration of Sophos firewalls and ensures optimal network security through clean segmentation and firewall rule management.
