Sophos Up2date

| Posted on by



Important Notes

The initial UTM 9.703 release was pulled back. More information and RCA can be found in the KBA at: https://community.sophos.com/kb/en-us/135383.

The code change for “NUTM-11173 [Basesystem] IPsec doesn’t re-connect on DHCP interface after firmware upgrade” is reverted and a new version of UTM 9.703 is available at their download server.

There are two update packages available: One for customers, who are still on UTM 9.702 (u2d-sys-9.703.tgz.gpg) and One for customers, who have already updated to 9.703-2 (u2d-sys-9.703.tgz.gpg). Both update will be available via our Up2Date server later. Sophos Author In the effort to continuously improve the accuracy of our Application classifications, the following characteristic and risk changes are planned for April 13th, 2021. Users who have configured existing characteristics and/or risk-based application f.

There are two update packages available:

  • One for users, who are still on UTM 9.702 (u2d-sys-9.702001-703003.tgz.gpg) and
  • One for users, who have already updated to 9.703-2 (u2d-sys-9.703002-703003.tgz.gpg).

Both update will be available via their Up2Date server later.

Up2Date Information

News

  • Maintenance Release

Remarks

  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Issues Resolved

  • NUTM-9381 [Access & Identity] WebAdmin user getting an error while browsing ‘Sophos Transparent Authentication Status’ tab
  • NUTM-11258 [Access & Identity] [SAA] Wrong version of SAA displayed in Windows with MSI installer
  • NUTM-11578 [Access & Identity] Patch strongSwan (CVE-2019-10155)
  • NUTM-11589 [Access & Identity] [SAA] Add TLS 1.2 support for Windows client
  • NUTM-11590 [Access & Identity] [SAA] Add TLS 1.2 support for macOS client
  • NUTM-11675 [Access & Identity] Patch PPTP and L2TP pppd (CVE-2020-8597)
  • NUTM-11109 [Basesystem] Status lights blinking green constantly on SG 1xx and XG 1xx series
  • NUTM-11255 [Basesystem] Fix “Internet IPv6” binding in case of multiple IPv6 uplinks
  • NUTM-11417 [Basesystem] SG115rev3 HA eth3 interface flapping after update to 9.7
  • NUTM-11645 [Basesystem] Patch libxml2 (CVE-2019-19956, CVE-2020-7595)
  • NUTM-11561 [Configuration Management] Unable to load certificate list in WebAdmin when large number of certificates present
  • NUTM-10803 [Email] S/MIME signed mails have an invalid signature if 3rd party CA is used
  • NUTM-11240 [Email] Recipient verification fails due to incomplete LDAP search query
  • NUTM-11662 [Email] Bad request for release mails out of the quarantine report after update to 9.7 MR1
  • NUTM-11485 [Kernel] Patch Linux Kernel (CVE-2019-18198)
  • NUTM-11288 [Localization] AWS Current Stack link is incorrect
  • NUTM-11081 [Network] Up-link balancing not clearing conntracks when interface goes down
  • NUTM-11218 [Network] ulogd restarting/core-dumps
  • NUTM-11614 [Network] Increase GARP buffer
  • NUTM-11676 [Network] Patch pppd (CVE-2020-8597)
  • NUTM-11573 [RED] RED interface doesn’t obtain IP after UTM reboot
  • NUTM-11467 [RED_Firmware] RED15w WPA/WPA2 enterprise cannot connect
  • NUTM-11822 [RED_Firmware] RED15 firmware update might fail if flash has bad blocks
  • NUTM-11378 [Reporting] Top5 Malware won’t be displayed in Executive Reports if those are sent as PDF
  • NUTM-11220 [Sandstorm] When opening Sandstorm activity which contains Korean characters for example, you get this error “cannot decode string with wide characters at encode.pm line 174”
  • NUTM-10202 [UI Framework] [SAA] Live user table doesn’t scale with very long names
  • NUTM-11084 [UI Framework] Webadmin Information popup not visible
  • NUTM-11191 [UI Framework] Can’t download certificate in WebAdmin when name contains apostrophe
  • NUTM-11584 [UI Framework] Replace FTP Up2date download link in WebAdmin with HTTPs
  • NUTM-11598 [UI Framework] Internal Server Error alert thrown with initial Webadmin request after installation
  • NUTM-11725 [UI Framework] Update prototype
  • NUTM-11130 [Web] Add configuration for savi_scan_timeout
  • NUTM-11346 [Web] Warn page proceed fails due to missing parameters
  • NUTM-10269 [Wireless] SSID stops broadcasting
  • NUTM-11581 [Wireless] User with “Wireless Protection Manager” rights is unable to change wireless settings if mesh is configured

Related Posts

Today we have released ASG Up2Date 8.002. The main purpose of this release is to address the majority of the outstanding bugs which have been reported since 8.001, increasing the stability of your ASG V8 installation. For those still using Version 7, the 8.002 Up2Date will also act as the destination 'landing' version for the upcoming one-touch V7–>V8 Hardware Appliance Upgrade which will be available as part of the ASG 7.508 Up2Date release in October. We will have more information on the appliance upgrade process for you at that time. Read on for the full details of this Up2Date.

The 8.002 release also adds a feature for having SMTP Footers which are configurable per-profile, allows for ASG to communicate with two Astaro Command Center installations simultaneously, and adds some new options and tweaks for Web Application Security (reverse proxy). The ACC feature is something many partners have asked for, since each ACC server can have different management permissions. In this way, partners can retain full management control of installations for their customers, while still letting the customer see and interact with their sites in a lesser way with reduced permissions (or vice-versa) using a second Astaro Command Center.

Lastly, for those anxiously awaiting the 8.100 Beta which will introduce V8-support for our newly released Wireless Access Points, this is currently planned to start near the end of October. Stay tuned for more information!

ASG Up2Date 8.002 Details

News:

  • Feature: SMTP Mail footer now configurable per-profile
  • Feature: Allow for two WAS SSL frontends with same (wildcard) SSL certificate to share a port
  • Feature: Option to pass the HTTP Host header through WAS untouched
  • Feature: Allow configuration of second ACC server (with different permissions)
  • Added: Support for Agere Systems ET-131x PCI-E Ethernet Controller

Remarks:

  • System will be rebooted
  • Configuration will be updated
Sophos up2date index

Fixes:

  • [ID14416] ASG cannot join a Windows 2008 server domain when server is specified in WebAdmin
  • [ID14564] Packetfilter rule using Single Time Event does not get created
  • [ID14627] Local IP addresses counted for license check
  • [ID14699] Interface MTU settings not set correctly on HA slave
  • [ID14706] Packetfilter breaks if a rule used a big service group
  • [ID14712] ip-win32 dynamic option in the SSL Client Conf doesn’t work with Linux, BSD, MAC OSX.
  • [ID14736] Email confidentiality footer gets injected in unsuitable email parts
  • [ID15119]: Fix Acc-Agent includes for IPSecSite2Site.pm
  • [ID15131]: Adapt ACC Single Sign-On to two ACC Servers

Sophos Up2date Download

Sophos

Download:
Link: ftp://ftp.astaro.de/pub/Astaro_Security_Gateway/v8/up2date/u2d-sys-8.002.tgz.gpg
Md5sum: 28f548cc270a392d063255e416cb7c42
Size: 106.764.278 bytes (Approx. 102 MB)

For the ASG 8.0 Release Notes click here.

Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Sophos Up2date
  1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the 'Watch Up2Date Progress in new window' and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro AxG Up2Date Download Mirrors:

Feedback

  • If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. '[8.001] Web Application Security Question').
  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
  • There is also a demo server for public use: http://demo.astaro.com

(All Up2Dates are GNUPG-signed!)

Regards,

Sophos Up2date

Angelo Comazzetto
ASG Product Manager