Sophos UTM elevated 9.4 soft-release

Sophos has released UTM update 9.4. You can upload the file via WebAdmin or via the shell:

cd /var/up2date/sys


auisys.plx --showdesc


  • Clientless SSO (STAS)
  • IPv6 Support for SSL VPN
  • Sandboxing for SMTP and Web
  • Support for new RED15w
  • Support for new SG Appliances SG85 and SG85w
  • Support for new 4x10G FP 1U network module
  • WAF persistent session cookies


  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade


NUTM-1764 [Access & Identity] 35675: First time connection always fails with ssl remote access vpn and remote auth
NUTM-1768 [Access & Identity] 35689: RED50: Loadbalancing does not work
NUTM-1771 [Access & Identity] 35809: Group membership is not updated when prefetching backend users
NUTM-1772 [Access & Identity] 35859: Some users are removed from all groups during update_ad_bg_members
NUTM-1927 [Access & Identity] 35957: ERROR: netlink response for Increase seq numbers HA SYSTEM included errno 3: No such process
NUTM-1928 [Access & Identity] 35446: Problems with OpenVPN v2.3.0 and Win8 when client awake from sleep or hibernation mode
NUTM-1941 [Access & Identity] 35474: AD group cache still contains obsolete group information after update_ad_bg_members.plx is executed
NUTM-1942 [Access & Identity] 35279: Option “Drop packets from blocked hosts” does not work correctly
NUTM-1943 [Access & Identity] 35269: Random auth-pop ups in with eDir SSO
NUTM-1944 [Access & Identity] 35459: Site2Site SSLVPN client fails to add routes after server restart
NUTM-1945 [Access & Identity] 35778: Sometimes SAA connection disconnect for 3 minutes
NUTM-1947 [Access & Identity] 35926: VPN Signing CA using encryption of 1024bit
NUTM-1949 [Access & Identity] 35353: Intermittend authentication failed messages during unstable SAA connection
NUTM-1950 [Access & Identity] 35606: French keyboard layout not detected in HTML5 portal RDP connections
NUTM-1951 [Access & Identity] 35602: Outdated perl-ldap -0.39 causing errors in
NUTM-1953 [Access & Identity] 35143: LT2P remote access – client get assigned an IP from the pool which is already in use
NUTM-1961 [Access & Identity] 35791: QoS not working with more than 600 applications in a traffic selector definition
NUTM-1964 [Access & Identity] 33657: Bridge: Error messages when you enable / disable an additional address on a bridge
NUTM-1965 [Access & Identity] 34496: Bridge + QoS: Bandwidth pools does not work
NUTM-2080 [Access & Identity] 36079: RED Management can’t be enabled if the organisation name includes umlauts
NUTM-2082 [Access & Identity] 36025: Cisco VPN remote access: XAUTH credentials and Certificate can be from different users
NUTM-2132 [Access & Identity] 36064: Regeneration of VPN Signing CA doesn’t work
NUTM-2451 [Access & Identity] 36225: HTML5 portal RDP session to Windows 8.1 doesn’t work
NUTM-2715 [Access & Identity] 36312: RED15 responds to public DNS requests
NUTM-2817 [Access & Identity] [BETA] Site2Site SSLVPN routes not used if more than 1 connection is up
NUTM-2850 [Access & Identity] [BETA] Site2Site Problem – more connections
NUTM-896 [Access & Identity] 34886: filter:FORWARD:rule will cause a conntrack entry without SYN
NUTM-501 [Basesystem] 33039: SNMPd reports wrong mac address
NUTM-2746 [Email] sandbox module generated many error log messages
NUTM-3038 [Email] [BETA] Rescanning a mail after releasing from quarantine does not work
NUTM-1170 [HA/Cluster] 35285: repctl fails to start on slave node – can’t use string (“reporting”) as a HASH ref
NUTM-1737 [HA/Cluster] 35814: UTM doesn’t respond to arp requests after HA gets disabled
NUTM-1770 [RED] 35855: RED: Kernel crash – decompression failed: -22
NUTM-1952 [RED] 25775: RED: add message to warn users if they add a MAC to the list which is used by RED
NUTM-2365 [RED] 36159: High CPU load from confd caused by overflow on RED devices
NUTM-2676 [RED] 36303: USB deployed RED10 devices loose their static wan config
NUTM-1067 [WAF] 34447: Issue with WAF Rev. Auth. and OTP
NUTM-2368 [WAF] 36061: Unable to upload attachements with IE to backend server via WAF
NUTM-2555 [WAF] 36251: XSS vulnerability in mod_url_hardening
NUTM-2556 [WAF] 36272: XSS vulnerability in mod_avscan
NUTM-2689 [WAF] 36190: High swap usage caused by reverse proxy
NUTM-2809 [WAF] 36373: Reverse authentication: AH01627: AuthType configured with no corresponding authorization directives
NUTM-3027 [WAF] Random Confd message “Undefined subroutine register_logout_urls”
NUTM-2141 [WiFi] 35969: Sometimes inconsistent logging if a user is connected via hotspot
NUTM-2591 [WiFi] 36278: Increase maximum number of access points (APs)
NUTM-3066 [WiFi] AP10/30/50 reboot loop


The files are available on the FTP server:

FTP Download

HTTP Download

4 thoughts on “Sophos UTM elevated 9.4 soft-release”

  1. Hi Toupman,

    yes, I have now uploaded it at the company. But one node stayed in RESERVED and stopped syncing. I then restarted the RESERVED node, and after the slave was updated everything was fine again. So far everything works without problems, and with an activated Sandstorm license you can enable the feature.

