Sophos UTM Update v9.700 released

Sophos has completed UTM version 9.700. This version will be rolled out in stages. In the first step, you can download it via the FTP server. Later, the update will also be distributed via the Up2Date server.

Important: If you use RED Site-to-Site connections, you should refrain from using this version for now. There have already been some reports that after the update to version 9.7, problems with Site-to-Site connections have emerged.

Important: Please note that installing this version will restart the system. Afterwards, the configuration will be updated and all connected Access Points and REDs will undergo a firmware upgrade.

APX Access Points Support

The “new” Access Points from Sophos, the APX series, could previously only be managed via Sophos Central or Firewalls with SFOS. Initially, Sophos stated that the UTM would not receive support for the new APX series. This statement has been completely abandoned, and with v9.7, all APX Access Points are now supported on the UTM. We explain exactly what is “new” about these APX Access Points in the following blog post: Sophos Access Points with Wave 2

For friends of UTM, this is certainly great news. Planning for the replacement of the aging AP series can now begin. Many who were still using the first generation (AP30/AP50) probably did not find an investment in the second generation (AP55/AP100) very attractive, as these Access Points have been sold since 2015. Nobody likes to buy hardware that is already so old.

Certificate Chain support for WebAdmin, UserPortal, and WebProxy

The UTM now also supports certificates issued by sub-CAs, so a certificate chain can be used for WebAdmin, UserPortal, and WebProxy.

New protocol for RED Site to Site connections

As mentioned in the notice at the beginning, this new protocol seems to be causing problems, so you should probably hold off on the update. For Site-to-Site connections, the UTM now uses the same protocol as the XG Firewall. This makes the outdated RED Site-to-Site connection unnecessary.

UTM Endpoint Management

Sophos has not sold new licenses for UTM Endpoint Protection since the end of 2018. For what feels like 2 years, this menu item has strongly indicated that Central should be used. Existing customers could also switch to Central for free if an active license was still available.

Support will now be discontinued from the end of 2019, and with the new version, some buttons will also disappear. What remains is the option to disable tamper protection so that the endpoint can be uninstalled from the client.

If anyone is still using this antivirus, it is best to switch to Sophos Central today:

For Client Operating Systems

For Server Operating Systems

IKEv2

I’m sorry if I gave you hope with this title. No, there is still no IKEv2 support in v9.7. But currently, the feature is still on the roadmap and is expected to appear in v9.8. However, Sophos states that roadmap dates are without guarantee!

Bug Fixes

  • NUTM-10804 [Access & Identity] strongSwan vulnerability fix (CVE-2010-2628, CVE-2018-17540)
  • NUTM-10485 [Email] POP3 E-Mail blocked message won’t be displayed properly in some MS Outlook versions
  • NUTM-10745 [Email] Quarantine mail older than 14 days are not getting removed
  • NUTM-10958 [Email] Quarantined SPX Mails which are released are still available on UTM
  • NUTM-10192 [RED] Patch OpenSSL (CVE-2018-0732)
  • NUTM-11141 [Sandstorm] Add support for Sandstorm’s Frankfurt data centre
  • NUTM-10454 [WAF] SAVI integration doesn’t support scanning files larger than 2GB
  • NUTM-10873 [WAF] Underscore in DNS-Hostname makes WAF unusable
  • NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails
  • NUTM-11202 [Web] Conform to Apple’s new certificate requirements introduced in iOS13 and macOS10.15

Patrizio