NetworkingSophos UTMTech Tips

Sophos UTM 9.508 Released

Sophos have released UTM 9.508. The release will be rolled out in phases. In phase 1 you can download the update package from the FTP server, in phase 2 it will be spread via the Up2Date servers.

Note: When installing the update packages manually, please make sure to upload both update packages 9.507 and 9.508.

Up2Date Information


  • Maintenance Release


  • System will be rebooted
  • Configuration will be upgraded
  • Connected APs will perform firmware upgrade


  • NUTM-8739 [Access & Identity] Argos segfault and coredump after update to v9.502
  • NUTM-9164 [Access & Identity] SSLVPN installation packages fail to copy user profile during installation
  • NUTM-9344 [Access & Identity] All users are locked when a lockout policy via GPO was set
  • NUTM-9047 [Basesystem] VLAN interface on the bridge doesn’t come up when slave becomes the master
  • NUTM-9296 [Configuration Management] Report Auditor is unable to open the dashboard in UTM
  • NUTM-9397 [Configuration Management] Log Remote Archiving via SCP fails when used with OpenSSH >= 7.0
  • NUTM-9497 [Documentation] ATP – Invalid status display on Webadmin for Japanese,Russian,Spanish language
  • NUTM-4174 [Email] POP3 spool cleanup does not work
  • NUTM-8794 [Email] Wrong MIME Type detection
  • NUTM-8937 [Email] Upgrade SMIME
  • NUTM-9046 [Email] SPX binary error with Office365
  • NUTM-9098 [Email] Mail stuck in work queue
  • NUTM-9252 [Email] Patch Exim for CVE-2014-2972 and CVE-2016-9963
  • NUTM-9259 [Email] POP3 Proxy coredump in “libc_start_main”
  • NUTM-9337 [Email] Selecting an AD Server for AD Recipient Verification in SMTP isn’t possible after update to v9.506
  • NUTM-9382 [Email] WebAdmin user not able to disable the “Recipient Verification” in SMTP Routing
  • NUTM-9303 [HA/Cluster] HA “max_nodes” option set to 3 causes named to fail to start
  • NUTM-9405 [HA/Cluster] Interface MAC addresses shouldn’t get replicated on slave node if virtual_mac is set to 0
  • NUTM-3497 [Network] BGP soft-reconfiguration not working
  • NUTM-8118 [Network] After upgrading to 9.500 “Service Monitor not running – restarted” notifications being received
  • NUTM-8432 [Network] Local Privilege Escalation via confd Service
  • NUTM-8604 [Network] Changing a bridge IP address causes bridge to go down when using vlans
  • NUTM-8887 [Network] DNS group objects doesn’t delete old IP addresses
  • NUTM-9064 [Network] Network monitoring daemon constantly restarts since upgrade to 9.503
  • NUTM-9177 [Network] Disabled static routes are being put into the routing table
  • NUTM-9465 [Network] Wrong/Old IPv6 Tunnel Broker URLs in Webadmin
  • NUTM-8759 [Sandboxd] Add support for Sandstorm’s Asia data centre
  • NUTM-9006 [UI Framework] Not possible to download different SSLVPN User Profiles in one Firefox session
  • NUTM-6955 [WebAdmin] Error text appears in dialog when trying to view user object usage
  • NUTM-8567 [WebAdmin] Update to ImageMagick-7.0.7-11
  • NUTM-9116 [WebAdmin] Object information can’t be displayed for specific objects
  • NUTM-9128 [WebAdmin] PCI Scan failing on UserPortal due to missing HSTS and CSP
  • NUTM-9430 [WebAdmin] Issue with X-Content-Type-Options header presented by UTM
  • NUTM-7201 [Web] HTTP Proxy connections hang in CLOSE_WAIT state
  • NUTM-8638 [Web] Add group visibility in log with unlimited AD groups
  • NUTM-8746 [Web] After changing group membership, old one is still available from winbind
  • NUTM-8886 [Web] TLS Input/output error when connecting to web site
  • NUTM-9113 [Web] HTTP Proxy coredump on 9.505
  • NUTM-9166 [Web] HTTP Proxy coredump on function deny_ntlm_auth
  • NUTM-9332 [Web] DNSExpire coredump causes slow browsing
  • NUTM-9416 [Web] HTTP Proxy coredump on 9.506 with signal SIGFPE Arithmetic Exception
  • NUTM-3127 [Wireless] AP55/100 connection issues – disconnected due to excessive missing ACKs
  • NUTM-6640 [Wireless] Fix visibility of Fast Transition option in different security modes
  • NUTM-7013 [Wireless] Frequent disconnects on guest wifi network after >1 week
  • NUTM-8243 [Wireless] Update dropbear SSH Server to fix CVE-2016-7409, CVE-2016-7408, CVE-2016-7407, CVE-2016-7406
  • NUTM-8299 [Wireless] UTM stops broadcasting SSIDs for the built-in wireless after upgrade to 9.5
  • NUTM-8781 [Wireless] W-appliance – wireless network connection issue with Bridge to AP LAN
  • NUTM-8827 [Wireless] Internal wireless not broadcasting SSID after updating to 9.503
  • NUTM-8832 [Wireless] Integrated wireless adapter can be deleted
  • NUTM-8930 [Wireless] Unable to see the SSID and connect to local wifi on 2.4 Ghz band
  • NUTM-8940 [Wireless] kernel: [ xxxx.xxxxx] CPU: 0 PID: 13902 Comm: iw Tainted: G W O 3.12.74-0.265397234.g263c982.rb6-smp64 #1
  • NUTM-8945 [Wireless] SG115w SSID not broadcasted since updated to 9.503


Up2Date Information for Wireless Firmware 11.0.003

As part of UTM 9.508, the wireless firmware is updated to 11.0.003.


    • NUTM-9338 [Wireless] Client is not getting disconnected if MAC address is removed from whitelist


Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.