Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 38 replies
  • Subscribers 20 subscribers
  • Views 77388 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9.409-8 and 9.409-9 released

twister5800

REMEMBER: Be carefull not to install before holidays :-D 


Up2Date 9.409008 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade

News:
Maintenance Release

Bugfixes:
Fix [NUTM-2392]: [AWS] Allow the user to select the security group to port during conversion
Fix [NUTM-5327]: [AWS] Confd object missing after instance recovery in HA scenario
Fix [NUTM-5339]: [AWS] [RESTD] allow unauthenticated access from localhost
Fix [NUTM-5466]: [AWS] ssh disabled - No connection to stack instances
Fix [NUTM-5882]: [AWS] Logging & Reporting overview does not show any information
Fix [NUTM-5901]: [AWS] [RESTD] Improve webadmin UI and documentation
Fix [NUTM-5981]: [AWS] Conversion feature always converts to BYOL
Fix [NUTM-6013]: [AWS] Fix communication issue with S3
Fix [NUTM-5110]: [Access & Identity] Since version 9.404 L2TP with Android doesn't work
Fix [NUTM-5562]: [Access & Identity] UTM to UTM RED Tunnel doesn't work anymore after only TLS 1.2 is allowed
Fix [NUTM-5674]: [Access & Identity] REDs offline after HA takeover - 'RED is not bound to this system, disabling device'
Fix [NUTM-5840]: [Access & Identity] 3G to WAN failover on RED15/RED50 does not work
Fix [NUTM-5661]: [Basesystem] quagga security update (CVE-2016-1245)
Fix [NUTM-5701]: [Basesystem] named fails to start after invalid host record
Fix [NUTM-5779]: [Basesystem] bind security update (CVE-2016-8864)
Fix [NUTM-5769]: [Confd] Configd error Datatype.pm line 319
Fix [NUTM-5787]: [Confd] Bridge can't be converted back to ethernet if only red interfaces are used
Fix [NUTM-5997]: [Localization] Japanese translation error if using a string longer than 64 bytes as common_name
Fix [NUTM-5533]: [Network] 'Block invalid packets' option doesn't block invalid packets
Fix [NUTM-5595]: [Network] SIP Helper behavior clarification in 'Any' expectation mode
Fix [NUTM-5513]: [Reporting] RRD reporting doesn't show the warnings and alerts of the slave nodes in cluster setups
Fix [NUTM-5655]: [Reporting] Wrong count on websecvisits data
Fix [NUTM-5792]: [WAF] WAF coredump'ed after regular session cleanup
Fix [NUTM-5856]: [WAF] Special characters are encoded when HTML rewrite is enabled
Fix [NUTM-5075]: [WebAdmin] User test is not working with LDAP special characters in Base DN
Fix [NUTM-5317]: [WebAdmin] Persistent cookie for user portal working only once
Fix [NUTM-5761]: [WebAdmin] Translation in Webadmin is not consistent (web protection)
Fix [NUTM-5811]: [WebAdmin] Misleading default QoS interface downlink/uplink values
Fix [NUTM-5888]: [WebAdmin] Since v9.408 Authentication Server test fails after first creation
Fix [NUTM-5963]: [Web] Sandstorm not delivering Emails files from "Scan Pending" state
Fix [NUTM-5303]: [WiFi] Characters in Hotspot terms of use not encoded correctly
Fix [NUTM-5876]: [WiFi] User field is blank on login at Hotspot with voucher
Fix [NUTM-6128]: [WiFi] FollowUp-NUTM-5303 - Characters in Hotspot terms of use not encoded correctly

RPM packages contained:
areca-raidtool-1.14.7_150519-0.245443774.gc41ae38.rb2.i686.rpm
firmwares-bamboo-9400-0.242918586.g2280645.rb4.i586.rpm
perf-tools-3.12.58-0.247006440.g4dc0e52.rb2.i686.rpm
red-firmware2-5037-0.244711945.gedada09.rb1.noarch.rpm
red15-firmware-5037-0.244711847.g1deb403.rb8.noarch.rpm
ep-reporting-9.40-29.g90cc60c.rb3.i686.rpm
ep-reporting-c-9.40-31.g7281c5d.rb6.i686.rpm
ep-reporting-resources-9.40-29.g90cc60c.rb3.i686.rpm
ep-branding-ASG-afg-9.40-49.g606e7f4.rb5.noarch.rpm
ep-branding-ASG-ang-9.40-49.g606e7f4.rb5.noarch.rpm
ep-branding-ASG-asg-9.40-49.g606e7f4.rb5.noarch.rpm
ep-branding-ASG-atg-9.40-49.g606e7f4.rb5.noarch.rpm
ep-branding-ASG-aug-9.40-49.g606e7f4.rb5.noarch.rpm
ep-confd-9.40-884.gca4b5d4.i686.rpm
ep-confd-tools-9.40-844.g4116001.rb9.i686.rpm
ep-ha-aws-9.40-267.ga749d04.rb2.noarch.rpm
ep-hardware-9.40-5.g9c7328b.rb2.i686.rpm
ep-hotspot-web-9.40-2.g995b903.rb2.i686.rpm
ep-libs-9.40-31.gf393e2d.rb4.i686.rpm
ep-localization-afg-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-localization-ang-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-localization-asg-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-localization-atg-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-localization-aug-9.40-29.g3b3e2a3.rb4.i686.rpm
ep-mdw-9.40-526.gf9982d4.i686.rpm
ep-migration-agent-9.40-0.246104121.ge7b057e.rb2.i686.rpm
ep-postgresql92-9.40-43.g1c68931.i686.rpm
ep-raidtools-9.40-3.geda233c.rb3.i686.rpm
ep-red-9.40-16.gd63555f.rb3.i686.rpm
ep-restd-9.40-0.247333273.g9cf7005.i686.rpm
ep-sandboxd-9.40-0.246501690.g02110ce.rb2.i686.rpm
ep-screenmgr-9.40-1.g05ac056.rb19.i686.rpm
ep-up2date-9.40-16.gf6c446d.rb2.i686.rpm
ep-up2date-downloader-9.40-16.gf6c446d.rb2.i686.rpm
ep-up2date-pattern-install-9.40-16.gf6c446d.rb2.i686.rpm
ep-up2date-system-install-9.40-16.gf6c446d.rb2.i686.rpm
ep-webadmin-9.40-738.gabd230e.rb5.i686.rpm
ep-webadmin-contentmanager-9.40-49.g76da84a.rb14.i686.rpm
ep-cloud-ec2-9.40-44.g9e00ba0.rb2.i686.rpm
chroot-bind-9.10.4_P4-1.g18ebdbb.rb5.i686.rpm
chroot-ipsec-9.40-9.gf6f1284.rb6.i686.rpm
chroot-reverseproxy-2.4.10-247.g9afa6f6.rb2.i686.rpm
quagga-chroot-0.99.24-1.g2274434.rb9.i686.rpm
kernel-smp-3.12.58-0.247006440.g4dc0e52.rb2.i686.rpm
kernel-smp64-3.12.58-0.247006440.g4dc0e52.rb2.x86_64.rpm
ep-release-9.409-8.noarch.rpm



This thread was automatically locked due to age.
Parents

  • Hi together,

    I'm having the same problem here:

    IPsec/Cisco VPN is not working anymore. The connection is established successful and visible in the logs. But afterwards, you cannot do or see anything on client- and server-side.

    However, SSL/OpenVPN is still working fine as a temporary workaround. (I'm using the Apple On-Demand feature with Cisco VPN nearly every day, so SSL is really just a workaround in my case.)

    I hope there's a bugfix soon. :-)

    Greets

    DomNik

  • in reply to DomNik

    have you tried to look in the firewall if the packets are dropped?

     

    Last week I saw an issue with sslvpn, where packets from one user suddenlywas dropped, even though it had been working for years and "Auto Firewall Rules" was set on the SSLVPN config.

     

    I added the vpn pool (ssl) to a new any any fw rule, at after that it worked.??

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

  • in reply to twister5800

    In the log for the firewall I don't see a problem, (I activated the protocols). But in the graph there is a high increase of "attacks" in the time I connected., a new rule hasn't worked in my case.

  • in reply to Steffen Teichmann

    Steffen Teichmann said:

    In the log for the firewall I don't see a problem, (I activated the protocols). But in the graph there is a high increase of "attacks" in the time I connected., a new rule hasn't worked in my case.

     

     

    can you post the IPS log maybe?

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

  • in reply to Steffen Teichmann

    The SSL VPN likes to trigger flood protection...

  • in reply to twister5800

    I've checked all logs and tried several configuration changes like any to any rules, disabled IPS, disabled flood protection and so on.

    This must be some kind of bug in the IPsec/Cisco VPN services in the new version. :-(

Reply Children
Unfiltered HTML