Network Guys

Share your knowledge!

Sophos UTM Update 9.401-11 is available!

You can download the new version directly from the FTP server:

u2d-sys-9.355001-401011.tgz.gpg (from 9.3 to 9.4)

u2d-sys-9.400009-401011.tgz.gpg (for already installed 9.4 update)


  • Features
  • Clientless SSO (STAS)
  • IPv6 Support for SSL VPN
  • Sandboxing for SMTP and Web
  • Support for new RED15w
  • Support for new SG Appliances SG85 and SG85w
  • Support for new 4x10G FP 1U network module
  • WAF persistent session cookies


  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade


NUTM-1764 [Access & Identity] 35675: First time connection always fails with ssl remote access vpn and remote auth
NUTM-1768 [Access & Identity] 35689: RED50: Loadbalancing does not work
NUTM-1771 [Access & Identity] 35809: Group membership is not updated when prefetching backend users
NUTM-1772 [Access & Identity] 35859: Some users are removed from all groups during update_ad_bg_members
NUTM-1927 [Access & Identity] 35957: ERROR: netlink response for Increase seq numbers HA SYSTEM included errno 3: No such process
NUTM-1928 [Access & Identity] 35446: Problems with OpenVPN v2.3.0 and Win8 when client awake from sleep or hibernation mode
NUTM-1941 [Access & Identity] 35474: AD group cache still contains obsolete group information after update_ad_bg_members.plx is executed
NUTM-1942 [Access & Identity] 35279: Option “Drop packets from blocked hosts” does not work correctly
NUTM-1943 [Access & Identity] 35269: Random auth-pop ups in with eDir SSO
NUTM-1944 [Access & Identity] 35459: Site2Site SSLVPN client fails to add routes after server restart
NUTM-1945 [Access & Identity] 35778: Sometimes SAA connection disconnect for 3 minutes
NUTM-1947 [Access & Identity] 35926: VPN Signing CA using encryption of 1024bit
NUTM-1949 [Access & Identity] 35353: Intermittend authentication failed messages during unstable SAA connection
NUTM-1950 [Access & Identity] 35606: French keyboard layout not detected in HTML5 portal RDP connections
NUTM-1951 [Access & Identity] 35602: Outdated perl-ldap -0.39 causing errors in
NUTM-1953 [Access & Identity] 35143: LT2P remote access – client get assigned an IP from the pool which is already in use
NUTM-1961 [Access & Identity] 35791: QoS not working with more than 600 applications in a traffic selector definition
NUTM-1964 [Access & Identity] 33657: Bridge: Error messages when you enable / disable an additional address on a bridge
NUTM-1965 [Access & Identity] 34496: Bridge + QoS: Bandwidth pools does not work
NUTM-2080 [Access & Identity] 36079: RED Management can’t be enabled if the organisation name includes umlauts
NUTM-2082 [Access & Identity] 36025: Cisco VPN remote access: XAUTH credentials and Certificate can be from different users
NUTM-2132 [Access & Identity] 36064: Regeneration of VPN Signing CA doesn’t work
NUTM-2451 [Access & Identity] 36225: HTML5 portal RDP session to Windows 8.1 doesn’t work
NUTM-2715 [Access & Identity] 36312: RED15 responds to public DNS requests
NUTM-2817 [Access & Identity] [BETA] Site2Site SSLVPN routes not used if more than 1 connection is up
NUTM-2850 [Access & Identity] [BETA] Site2Site Problem – more connections
NUTM-896 [Access & Identity] 34886: filter:FORWARD:rule will cause a conntrack entry without SYN
NUTM-501 [Basesystem] 33039: SNMPd reports wrong mac address
NUTM-2746 [Email] sandbox module generated many error log messages
NUTM-3038 [Email] [BETA] Rescanning a mail after releasing from quarantine does not work
NUTM-3484 [Email] SMTP Proxy does not start after update to 9.4 after takeover
NUTM-1170 [HA/Cluster] 35285: repctl fails to start on slave node – can’t use string (“reporting”) as a HASH ref
NUTM-1737 [HA/Cluster] 35814: UTM doesn’t respond to arp requests after HA gets disabled
NUTM-3340 [Network] ATP alerts can be caused by external UDP DNS traffic (can lead to massive amounts of ATP alerts)
NUTM-1770 [RED] 35855: RED: Kernel crash – decompression failed: -22
NUTM-1952 [RED] 25775: RED: add message to warn users if they add a MAC to the list which is used by RED
NUTM-2365 [RED] 36159: High CPU load from confd caused by overflow on RED devices
NUTM-2676 [RED] 36303: USB deployed RED10 devices loose their static wan config
NUTM-1067 [WAF] 34447: Issue with WAF Rev. Auth. and OTP
NUTM-2368 [WAF] 36061: Unable to upload attachements with IE to backend server via WAF
NUTM-2555 [WAF] 36251: XSS vulnerability in mod_url_hardening
NUTM-2556 [WAF] 36272: XSS vulnerability in mod_avscan
NUTM-2689 [WAF] 36190: High swap usage caused by reverse proxy
NUTM-2809 [WAF] 36373: Reverse authentication: AH01627: AuthType configured with no corresponding authorization directives
NUTM-3027 [WAF] Random Confd message “Undefined subroutine register_logout_urls”
NUTM-3365 [Web] Filename is not preserved for sandboxed file if Content-Disposition header is missing
NUTM-2141 [WiFi] 35969: Sometimes inconsistent logging if a user is connected via hotspot
NUTM-2591 [WiFi] 36278: Increase maximum number of access points (APs)
NUTM-3066 [WiFi] AP10/30/50 reboot loop
NUTM-3355 [WiFi] VLAN Fallback mechanism broken since 9.4
NUTM-3437 [WiFi] Mesh broken on AP50 after upgrade to 9.4 SR

this update solves my problem with RED15 devices: Device was online (green status in the WebAdmin) but no traffic between branch office and headquarter).

Leave a Reply

Click on the button to load the content from

Load content

This site uses Akismet to reduce spam. Learn how your comment data is processed.


ekahau Certified Survey Engineer
Post Categories
Post Archives