Sophos UTM update v9.700 released
Sophos has completed UTM version 9.700. This version will be rolled out in small stages. In the first step, you can download it from the FTP server. Later, the update will also be distributed via the Up2Date server.
Important: Those who use RED site-to-site connections should keep their hands off this version for the time being. There has already been some feedback that after updating to version 9.7, problems with site-to-site connections have surfaced.
Important: Note that when you install this version, the system will reboot. Then the configuration is updated and all connected Access Points and REDs undergo a firmware upgrade.
APX Access Points Support
Sophos’s “new” access points, the APX series, could previously only be managed via Sophos Central or firewalls running SFOS. At first, Sophos said that the UTM would not receive support for the new APX series. They have completely moved away from this statement, and with v9.7 all APX access points are now supported on the UTM. We explain what exactly is “new” about these APX access points in the following blog post: Sophos Access Points with Wave 2
For friends of UTM this is certainly great news. Planning for the replacement of the aging AP series can now begin. Many who were still using the first generation (AP30/AP50) probably did not find investing in the second generation (AP55/AP100) very attractive either, since these access points have been sold since 2015. Nobody likes to buy hardware that is already so old. Here you can find the direct links to our product pages:
Certificate Chain support for WebAdmin, UserPortal and WebProxy
The UTM now also supports the use of certificates issued by sub-CAs.
New protocol for RED site-to-site connections
As mentioned in the notice at the beginning, this new protocol seems to cause problems, so it is better to hold off on the update. The UTM now uses the same protocol for site-to-site connections as the XG Firewall. Thus, the outdated RED site-to-site connection is no longer necessary.
UTM Endpoint Management
Sophos stopped selling new licenses for UTM Endpoint Protection in late 2018. Also, for what feels like 2 years, this menu item has strongly suggested that you use Central instead. Existing customers could also switch to Central for free if they still had an active license.
Support will now be discontinued at the end of 2019, and with the new version some buttons will also disappear. What remains is the option to disable Tamper Protection so that you can uninstall the endpoint from the client.
If anyone is still using this AntiVirus, it is best to switch to Sophos Central today:
For client operating systems
For server operating systems
IKEv2
I’m sorry if I gave you hope with that title. No, there is still no IKEv2 support in v9.7. But currently, the feature is at least still on the roadmap and should appear in v9.8. However, according to Sophos, the times given in the roadmap are without guarantee!
Bug fixes
- NUTM-10804 [Access & Identity] strongSwan vulnerability fix (CVE-2010-2628, CVE-2018-17540)
- NUTM-10485 [Email] POP3 email blocked message won’t be displayed properly in some MS Outlook versions
- NUTM-10745 [Email] Quarantine mail older than 14 days are not getting removed
- NUTM-10958 [Email] Quarantined SPX mails which are released are still available on UTM
- NUTM-10192 [RED] Patch OpenSSL (CVE-2018-0732)
- NUTM-11141 [Sandstorm] Add support for Sandstorm’s Frankfurt data centre
- NUTM-10454 [WAF] SAVI integration doesn’t support scanning files larger than 2GB
- NUTM-10873 [WAF] Underscore in DNS hostname makes WAF unusable
- NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails
- NUTM-11202 [Web] Conform to Apple’s new certificate requirements introduced in iOS13 and macOS10.15