UTM Up2Date 9.314 Released

UTM Up2Date 9.314 Released

nsgWe’ve just released a new Up2Date package for all UTM 9.3 users.

It introduces several fixes and improvements for our current UTM platform.


For more details, please consult the following notes.


  • Maintenance Update


  • System will be rebooted
  • Configuration will be upgraded
  • Connected Wifi APs will perform firmware upgrade


  • 22437 HTML5 RDP: swiss keyboard not working with ALT-Gr-letters using Chrome
  • 23348 Multipath for ftp over http isn’t working when control and data connection use different path
  • 30224 Parallel dns queries fail on identical source port
  • 31261 Support Japanese PDF version of Daily Executive Report
  • 31910 Request dns_host object info causes high system load due to large confd_objects table
  • 32594 WAF: Disable backend connection pooling
  • 32862 Traffic is included in statistics and executive reports although an exception exists
  • 33666 HTTP server (UserPortal/WebAdmin) has missing/wrong error handling for “CONNECT” method
  • 33716 Dashboard shows AntiSpam is active for protocols POP3 with Basic Guard License
  • 33958 IPFIX is mixing data streams in HA/Cluster mode
  • 34210 BGP Soft-reconfiguration not honoured
  • 34234 AFC problem with HTTPS in transparent mode
  • 34333 Webadmin backend connection failed ‘Shift + f5’-reload causes incorrect and premature failed login alert
  • 34460 IE 9/10 crashes when displaying 4xx/5xx error page
  • 34495 QoS: Disabling Download Equalizer breaks Downlink limit
  • 34510 NTLMSSP_AUTH not send from Windows 7 workstations
  • 34533 Browser-language should be used for keyboard layout in HTML5 portal RDP connections
  • 34554 Suppress snmpd logline “Wrong netlink message type 3”
  • 34575 AP10/AP30 – auto channel selection always selects channel 1
  • 34612 device-agent restarting constantly
  • 34622 History back traverse broken in chrome
  • 34626 Long path name in site path routing breaks WAF
  • 34655 Web Protection reporting will be not displayed correctly if you use a german webadmin
  • 34666 FTP Proxy: frox segfault in realloc
  • 34684 Wireless.log shows lots of messages like “rt305x-esw 10110000.esw: link changed”
  • 34693 HTML5 portal kicks users with configuration changed message on every aptp update
  • 34695 Kernel: Unable to handle kernel NULL pointer dereference at (null)
  • 34724 OBJECT_NAMESPACE collision when whitelist/blacklist with identical name is deployed via SUM
  • 34788 HTTP Proxy: segfault in tcmalloc::ThreadCache
  • 34791 HTML5 VPN: keyboard input not working on Android devices
  • 34793 Email graph missing in executive report
  • 34812 SPF check against IPv6 subnet does not work.
  • 34824 device-agent sticks when deployment is taking too long
  • 34845 Remote Access graph shows wrong values
  • 34853 Mail Manager: perl runtime error when subject contains double byte characters
  • 34871 IPsec Remote Access connection may fail to acquire an IP from pool of static IPs
  • 34872 Up2Date Cache setting not updated when changing SUM host
  • 34882 Imported SMIME cert fills up storage partition
  • 34887 Up2Date not possible caused by DNS issue
  • 34888 True type file inspection should not be executed if MIME type blocking is disabled
  • 34891 ‘Show IP BGP Unicast’ button not working
  • 34902 Outgoing spam is always quarantined even though (confirmed) spam action is “warn”.
  • 34907 HTTP Proxy: deflate zlib data according to RFC
  • 34911 Backend AD sync shows error messages in aua.log
  • 34917 Dashboard times out in case of many interfaces
  • 34924 SMIME signed invitations will loose the “meeting” features in outlook
  • 34927 Change default algorithm for creating CAs to sha256
  • 34939 WAF reverse auth Japanese characters garbled
  • 34943 afcd memleak in 9.310
  • 34945 Network monitor daemon segfault / coredump
  • 34950 Can’t enable Cisco VPN anymore after the last user was deleted
  • 34954 HTTP filter action still shows the old category name after the name was changed
  • 34968 AP55C not becoming active
  • 34970 AP100C/AP55C: IFUP_ERROR
  • 34972 memtest does not work on SG series
  • 34974 BGP with IPv6 is broken
  • 34975 HTTP Proxy: core dump kernel_vsyscall
  • 34978 RED50 doesn’t work with some big packets
  • 34984 Can’t use string (“0”) as a HASH ref while “strict refs” in use at /wfe/asg/modules/asg_wireless.pm line 3714
  • 34988 RED50 ignores list of allowed VLAN tags in ‘Tagged’ VLAN port operation
  • 34993 Dashboard does not display traffic data for ethernet vlan interface types
  • 35003 Untrusted issuer warnings for trusted CAs
  • 35005 It is not possible to create a second convert bridge
  • 35006 syslog-ng reaching max connections due to hotspot traffic
  • 35013 DPD not set in case remote device is sending DPD vendor payload not in the first main mode message
  • 35017 Websec-reporter creates coredumps
  • 35018 HTTP Proxy: EpollWorker segfault in kernel_vsyscall
  • 35025 SPX: no NDR is sent out if recipient does not register
  • 35026 HTTP Proxy: Country blocking exceptions for destination not working
  • 35028 Timezone update 2015c
  • 35034 DLP emails are not visible in Mail Manager SMTP Log if DLP action is “Allow”
  • 35040 HTTP Proxy: POST request fails with “broken pipe”
  • 35042 Error output while executing repctl -m command
  • 35057 Internal Wifi adapter is active on slave node in HA
  • 35070 SSL VPN: change default DH key size to 2048 and add key size 3072/4096
  • 35073 SafeSearch does not block all provocative images
  • 35107 Can not display “Endpoint Protection” summary page when there is an Endpoint without group
  • 35108 Day in Dashboard date sometimes off by one
  • 35128 User portal fallback language is not set to what it suppose to be set
  • 35133 SPX: Reply portal shows wrested email recipient and sender addresses in original message
  • 35137 Endpoint – USB exemptions configured on the UTM do not work for some USB sticks
  • 35141 WIFI-Client can’t get an IP if static and dynamic VLAN is same
  • 35161 Hotspot login page is looping if the interface for the hotspot is a RED vlan interface and QoS is enabled on the interface
  • 35165 Problem displaying quarantined emails in case several addresses are in cc
  • 35176 IPTables will not update if you add a host to a network group which is used in a packetfilter rule
  • 35177 SPX encryption does not work if From header is invalid
  • 35183 HTML5 VPN: mobile keyboard not working on iOS devices in Safari
  • 35185 SPX: Password registration form (PW specified by recipient) does not work due disabled reply portal
  • 35199 Mail Manager: “\” in Sender/Rcpt/Subject substring causes a perl error
  • 35200 SSID and PSK disappear from Voucher
  • 35225 Background channel switching doesn’t work on AP55C/AP100C
  • 35226 Mail Manager: perl runtime error while trying to view an email without mail body
  • 35228 handle nvme devices during installation
  • 35229 Access control: Mail Protection Manager can not create any exceptions
  • 35240 Web Proxy duplicates headers in XSS request
  • 35245 Raid monitor not running
  • 35256 Middleware logs error for uninitialized value during regex operation
  • 35257 Not possible to add Network group object as “Network Protection Manager”
  • 35266 Uncategorized websites show up in reports as Categorization Failed
  • 35272 Mail Manager: incorrect pagination when removing entries
Up2date link: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.313003-314013.tgz.gpg
Up2date MD5sum:
File size: 151 MB

Up2Date Installation:

Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version.
There are two ways to apply an already-downloaded Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use “Update to latest version now” to install the Firmware Up2Date. Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you).


  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
  • You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!

Alan Toews
Technical Product Manager

Filed under: Corporate Tagged: up2date, UTM, UTM 9.314, utm9


Sample Modal Window

This is just a sample…

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent suscipit iaculis libero sed tristique. Quisque mollis dolor non tellus placerat vitae sodales lectus porta. Curabitur ut suscipit tellus. Maecenas rhoncus, ante vitae vehicula vestibulum, metus sapien dapibus tellus, et mattis dolor neque vitae nisl. Nullam eleifend ultrices ipsum eget pretium. Curabitur semper metus ut ante adipiscing nec volutpat sem rutrum. Nullam a nisi lacus, non interdum ante. Vivamus ante augue, commodo vel egestas sed, pharetra nec dui. Quisque sed tellus felis. Donec ipsum mauris, sagittis eu accumsan in, aliquam non ipsum.

Vestibulum tempor nunc nec felis scelerisque eget elementum erat dignissim. Ut vel ipsum mollis orci venenatis luctus. Aenean vehicula quam vel quam porttitor ac iaculis elit pulvinar. Proin consequat, ipsum eu venenatis semper, justo turpis posuere tortor, ac placerat metus nisl et lectus. Nulla cursus dui id nunc ullamcorper sed semper nisl lobortis. Aliquam erat volutpat. Phasellus arcu ante, imperdiet in ornare sed, laoreet eu massa.