Sophos UTM Update 9.401-11 is available!

You can download the new version directly from the FTP server:

u2d-sys-9.355001-401011.tgz.gpg (from 9.3 to 9.4)

u2d-sys-9.400009-401011.tgz.gpg (for already installed 9.4 update)


Features:
  • Clientless SSO (STAS)
  • IPv6 Support for SSL VPN
  • Sandboxing for SMTP and Web
  • Support for new RED15w
  • Support for new SG Appliances SG85 and SG85w
  • Support for new 4x10G FP 1U network module
  • WAF persistent session cookies


  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade


NUTM-1764 [Access & Identity] 35675: First time connection always fails with ssl remote access vpn and remote auth
NUTM-1768 [Access & Identity] 35689: RED50: Loadbalancing does not work
NUTM-1771 [Access & Identity] 35809: Group membership is not updated when prefetching backend users
NUTM-1772 [Access & Identity] 35859: Some users are removed from all groups during update_ad_bg_members
NUTM-1927 [Access & Identity] 35957: ERROR: netlink response for Increase seq numbers HA SYSTEM included errno 3: No such process
NUTM-1928 [Access & Identity] 35446: Problems with OpenVPN v2.3.0 and Win8 when client wakes from sleep or hibernation mode
NUTM-1941 [Access & Identity] 35474: AD group cache still contains obsolete group information after update_ad_bg_members.plx is executed
NUTM-1942 [Access & Identity] 35279: Option “Drop packets from blocked hosts” does not work correctly
NUTM-1943 [Access & Identity] 35269: Random auth pop-ups with eDir SSO
NUTM-1944 [Access & Identity] 35459: Site2Site SSLVPN client fails to add routes after server restart
NUTM-1945 [Access & Identity] 35778: Sometimes SAA connection disconnect for 3 minutes
NUTM-1947 [Access & Identity] 35926: VPN Signing CA using encryption of 1024bit
NUTM-1949 [Access & Identity] 35353: Intermittent authentication failed messages during unstable SAA connection
NUTM-1950 [Access & Identity] 35606: French keyboard layout not detected in HTML5 portal RDP connections
NUTM-1951 [Access & Identity] 35602: Outdated perl-ldap -0.39 causing errors in
NUTM-1953 [Access & Identity] 35143: L2TP remote access – client gets assigned an IP from the pool which is already in use
NUTM-1961 [Access & Identity] 35791: QoS not working with more than 600 applications in a traffic selector definition
NUTM-1964 [Access & Identity] 33657: Bridge: Error messages when you enable / disable an additional address on a bridge
NUTM-1965 [Access & Identity] 34496: Bridge + QoS: Bandwidth pools do not work
NUTM-2080 [Access & Identity] 36079: RED Management can’t be enabled if the organisation name includes umlauts
NUTM-2082 [Access & Identity] 36025: Cisco VPN remote access: XAUTH credentials and Certificate can be from different users
NUTM-2132 [Access & Identity] 36064: Regeneration of VPN Signing CA doesn’t work
NUTM-2451 [Access & Identity] 36225: HTML5 portal RDP session to Windows 8.1 doesn’t work
NUTM-2715 [Access & Identity] 36312: RED15 responds to public DNS requests
NUTM-2817 [Access & Identity] [BETA] Site2Site SSLVPN routes not used if more than 1 connection is up
NUTM-2850 [Access & Identity] [BETA] Site2Site Problem – more connections
NUTM-896 [Access & Identity] 34886: filter:FORWARD:rule will cause a conntrack entry without SYN
NUTM-501 [Basesystem] 33039: SNMPd reports wrong mac address
NUTM-2746 [Email] sandbox module generated many error log messages
NUTM-3038 [Email] [BETA] Rescanning a mail after releasing from quarantine does not work
NUTM-3484 [Email] SMTP Proxy does not start after update to 9.4 after takeover
NUTM-1170 [HA/Cluster] 35285: repctl fails to start on slave node – can’t use string (“reporting”) as a HASH ref
NUTM-1737 [HA/Cluster] 35814: UTM doesn’t respond to arp requests after HA gets disabled
NUTM-3340 [Network] ATP alerts can be caused by external UDP DNS traffic (can lead to massive amounts of ATP alerts)
NUTM-1770 [RED] 35855: RED: Kernel crash – decompression failed: -22
NUTM-1952 [RED] 25775: RED: add message to warn users if they add a MAC to the list which is used by RED
NUTM-2365 [RED] 36159: High CPU load from confd caused by overflow on RED devices
NUTM-2676 [RED] 36303: USB deployed RED10 devices lose their static wan config
NUTM-1067 [WAF] 34447: Issue with WAF Rev. Auth. and OTP
NUTM-2368 [WAF] 36061: Unable to upload attachments with IE to backend server via WAF
NUTM-2555 [WAF] 36251: XSS vulnerability in mod_url_hardening
NUTM-2556 [WAF] 36272: XSS vulnerability in mod_avscan
NUTM-2689 [WAF] 36190: High swap usage caused by reverse proxy
NUTM-2809 [WAF] 36373: Reverse authentication: AH01627: AuthType configured with no corresponding authorization directives
NUTM-3027 [WAF] Random Confd message “Undefined subroutine register_logout_urls”
NUTM-3365 [Web] Filename is not preserved for sandboxed file if Content-Disposition header is missing
NUTM-2141 [WiFi] 35969: Sometimes inconsistent logging if a user is connected via hotspot
NUTM-2591 [WiFi] 36278: Increase maximum number of access points (APs)
NUTM-3066 [WiFi] AP10/30/50 reboot loop
NUTM-3355 [WiFi] VLAN Fallback mechanism broken since 9.4
NUTM-3437 [WiFi] Mesh broken on AP50 after upgrade to 9.4 SR

This update solves my problem with RED15 devices: the device was online (green status in the WebAdmin) but there was no traffic between branch office and headquarters.
