Sophos UTM 9.406-3 released


Up2Date 9.406003 package description:

Remark:
System will be rebooted

News:
Security Release

Bugfixes:
Fix [NUTM-1616]: [AWS] Change AMI type to HVM
Fix [NUTM-4839]: [AWS] AWS Instances in GovCloud need to use S3 buckets in GovCloud
Fix [NUTM-5013]: [Network] TCP Vulnerability (CVE-2016-5696)

RPM packages contained:
perf-tools-3.12.48-0.237935773.g86aa827.i686.rpm
ep-ha-aws-9.40-191.g83c01f2.rb1.noarch.rpm
ep-webadmin-9.40-640.g7ad4baa.rb8.i686.rpm
ep-cloud-ec2-9.40-26.g00cde1e.rb2.i686.rpm
kernel-smp-3.12.48-0.237935773.g86aa827.i686.rpm
kernel-smp64-3.12.48-0.237935773.g86aa827.x86_64.rpm
ep-release-9.406-3.noarch.rpm



  • NathanPoulos said:

    Disconnect your firewall from the modem, power down your firewall, power down your modem and leave your modem powered down for 1 minute. Restore power to the modem and let it completely boot. Plug the firewall back into the modem and power up the modem. Leave your WAN link in automatic mode; do not set a speed and duplex. See if that gets you back.

    UNBELIEVABLE!!!!!  I wasted several days on this! :(  Turns out all I had to do was wait a measly minute.


    Thanks

  • Yup, no problem. Modems will typically only attach to one MAC address and a basic quick reboot for some reason doesn't clear them. Always good to do a good long power off when messing around with settings. Also, setting the WAN NIC to gigabit or full duplex can be an issue. Always use auto negotiation unless you are hard setting both sides of the network cable.

  • Applied this patch to a customer SG330 who have a satellite site using RED 50. A few days later the satellite site lost its connection and suddenly UTM deauthorised the RED 50. The tick box for "Automatic deauthorisation of RED units" is and always has been unticked.

    I'm now very reluctant to continue rolling this patch out to other customers. I have one customer with over 20 REDs.

    Have to agree with others that Sophos are very bad at patch control/quality and now forced me as a business to look at other vendors who can actually deliver a stable solution 

  • twister5800 said:

    I know it may be hard work to mask confidential info, but can you send the whole live log from ipsec for a whole day?

    Have you started a support case with support?

    There's just nothing useful in there at all. I've opened a support ticket with the Japanese reseller and will revert to Sophos proper should the reseller be unable to solve the problem. Currently, one of the tunnels works intermittently and the other doesn't work at all.

  • Shrikant, did you try restoring a backup from just before the Up2Date was applied?  Did you try a reboot?  How did you resolve this problem?

    Cheers - Bob

  • Hello Sir,

    I disabled VPN, and disabled some features and functions; now the system is not getting halted, but I am getting some dumps and confd and cssd

     ls -ltr
    total 427920
    -rw-r--r-- 1 root root 217264128 Sep 20 20:00 cssd.5361
    -rw-r--r-- 1 root root  21643264 Sep 21 11:41 ctasd.bin.5387
    -rw-r--r-- 1 root root  41308160 Sep 21 22:33 confd.plx.12900
    -rw-r--r-- 1 root root  39899136 Sep 21 22:40 confd.plx.13802
    -rw-r--r-- 1 root root  38129664 Sep 22 04:58 confd.plx.20432
    -rw-r--r-- 1 root root  39899136 Sep 22 05:16 confd.plx.22234
    -rw-r--r-- 1 root root  40042496 Sep 22 05:16 confd.plx.22258

    Please feel free to email me, remember Gujarat installation? :)

    Thanks

  • Do a backup and save that on a USB Stick.

    Do a complete restore and install with newest ISO.

    Then let us know the results :-)

  • Trane Francks said:

    There's just nothing useful in there at all. I've opened a support ticket with the Japanese reseller and will revert to Sophos proper should the reseller be unable to solve the problem. Currently, one of the tunnels works intermittently and the other doesn't work at all.

    Hmm... Let's hope this is not the work of the Great Firewall :-)
    But seriously! - have you tried to download a backup and restore from an earlier ISO? 9.404?
  • No easy way for me to restore. I'm half-way across the country remotely administering this network.

  • Sophos released 9.407-3 today, there is a new feature for DHCP MTU issue in confd, you can fix it with this:

    Login as loginuser then root in ssh shell:

    cc 
    RAW 
    lock_override 
    OBJS 
    interface 
    ethernet (or cable, or other type) 
    REF_ (Tap TAB two times - then you can see the interface list. Mine is called "REF_IntCabExternaWan[WAN,interface,ethernet]")
    (You will get a look like this:)

    'additional_addresses' => [],
    'bandwidth' => 0,
    'comment' => 'Added by installation wizard',
    'inbandwidth' => 100000000,
    'itfhw' => 'REF_ItfEthEth1',
    'link' => 1,
    'mtu' => 576,
    'mtu_auto_discovery' => 1,
    'name' => 'WAN',
    'outbandwidth' => 20000000,
    'primary_address' => 'REF_ItfPri000024',
    'proxyarp' => 0,
    'proxyndp' => 0,
    'status' => 1
    }

    Then write:

    mtu_auto_discovery=0 
    w  (write the changes) 

    Now go into Webadmin and find the WAN link, change the MTU under Advanced to 1500 and voila! :-)

    Read more here:

    https://community.sophos.com/products/unified-threat-management/f/52/t/80641
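
A check for the state the post above works around, as an added example that is not part of the original post and not Sophos tooling: it reads an interface object dump in the `'key' => value` format shown there and reports whether the MTU differs from the expected value while `mtu_auto_discovery` is on. The names `check_itf_mtu` and `sample_dump` are hypothetical, the sample is constructed from the fields in the post, and the 1500 default is the value the post sets in WebAdmin.

```shell
#!/bin/sh
# Added example, not Sophos tooling. check_itf_mtu and sample_dump are
# hypothetical names; the 1500 default is the value the post sets in WebAdmin.

# Constructed sample: a subset of the fields from the dump shown in the post.
sample_dump() {
cat <<'EOF'
    'itfhw' => 'REF_ItfEthEth1',
    'mtu' => 576,
    'mtu_auto_discovery' => 1,
    'name' => 'WAN',
    'status' => 1
}
EOF
}

# Reads a dump on stdin, prints "<name> mtu=<n> auto=<0|1> <verdict>".
check_itf_mtu() {
    want="${1:-1500}"
    awk -v want="$want" -v q="'" '
    {
        line = $0
        gsub("[" q ", \t]", "", line)   # drop quotes, commas and blanks
        n = index(line, "=>")
        if (n == 0) next                # not a key => value line
        key = substr(line, 1, n - 1)
        val = substr(line, n + 2)
        if (key == "name") name = val
        if (key == "mtu") mtu = val
        if (key == "mtu_auto_discovery") auto = val
    }
    END {
        if (mtu == "") { print "no mtu field found"; exit }
        if (mtu + 0 == want + 0)  verdict = "OK"
        else if (auto + 0 == 1)   verdict = "AUTO_MTU_MISMATCH"
        else                      verdict = "STATIC_MTU_MISMATCH"
        printf "%s mtu=%s auto=%s %s\n", name, mtu, auto, verdict
    }'
}

sample_dump | check_itf_mtu
```

Pass a different expected MTU as the first argument when the link legitimately uses another value.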