zurück zu Aktuelles

Sophos Version 9.300-5, 9.301-2, 9.302-2

vom 27. November 2014

Endlich ist das neue Sophos UTM Advantage (9.3) erschienen.


Security Release

Es ist ein neues Up2Date Paket verfügbar, nachfolgend stehen alle Infos zum Thema zur Verfügung.

Version 9.300-5

  • 9.300 GA Release
  • Main Features:
  • Web Filter: Time Quotas
  • Web Filter: Policy Tagging
  • Web Filter: Selective HTTPS Filtering

. SMTP/POP3 Proxy: Live AV Lookups in Sophos Antivirus

  • SMTP Proxy: SPX Self-Registration
  • SMTP Proxy: Support Attachments on Reply Portal
  • Network: Support for Multiple Bridges
  • Wifi: Various Hotspot Imporovements
  • Hardware: Support for new SG1xx series
  • Other Features:
  • Web Filter/SMTP Proxy: True File Type Detection
  • Application Control: IPv6 Support

. ATP: Scan DNS Traffic going through UTM

  • Network: DHCPv6 Relay
  • Network: DHCP for VLAN Interfaces
  • Network: Allow VLAN and non-VLAN Interfaces on same Hardware
  • WAF: IP-based Access Control
  • WAF: Wildcard Extension
  • WAF: Username Prefix and Suffix
  • Support: Sophos Customer Support Secure Access to UTM


  • System wird neugestartet
  • · Konfiguration wird verbessert
  • · Verbundene Wifi Aps werden das Update der Firmware übernehmen
  • Verbundene RED Geräte werden das Update der Firmware übernehmen


22468                    HTML5 iptables rule doesn’t match for IPSec-routed hosts

27257                    RED50 frequently reconnecting because configuring an Additional Address as UTM-Hostname is not supported

27588                    Unable to fetch POP3 accounts on iOS devices via POP3 Proxy

27750                    IPv6: Add support for DynDNS (Dyn & FreeDNS)

27905                    [BETA] log the mac addresses human readable with leading zeros in the packetfilter log

28056                    it’s not possible to view or download large log files in the webadmin because root partition is too small

28164                    OSPF and default route priority issues

28400                    Syslog not started after ipsbundle pattern installation

28842                    HA takeover if master reboots takes too much time

28966                    exceptions for Common Threat Filters do not work individually

29095                    [BETA] improve reporting filter naming for ATP

29412                    Wireless Security Manager Role can’t accept new AP’s

29963                    profile mode ‚monitor‘ does not work for Cookie signing

30008                    Problem with Remote IPsec access in case of ID type is ASN1 Distinguished Name and using static RAS IP

30254                    Import of non UTF-8 certificate breaks Webadmin access

30504                    Sometimes the sender_confd_profile is undefined in the profile object

30800                    [BETA] Some double byte characters aren’t filtered by DLP custom rule and AntiSpam Expressions filter.

30825                    IPv6: Add support for DHCPv6 ‚rapid commit‘

30851                    emailpki_generate_user fails if pkcs12 file contains a cert twice

31083                    Remote SSL VPN view is empty in printable configuration

31105                    DynDNS: Add support for interface strategy for FreeDNS

31116                    Performance and scalability improvements of HTTP proxy

31164                    [BETA] Routing domain wildcards aren’t working for SMTP profiles.

31337                    Too long hostname will break layout in dashboard

31340                    rsyncd not started after switching to master mode (slave node hangs in syncing state)

31373                    Form hardening exception match but doesn’t work

31387                    ad-sid-sync.pl is executed even if AD sync is disabled

31581                    Up2date pattern rpm’s fails to install if hostname contains ‚/‘ character.

31814                    nextgen-agent restarting permanently

31859                    Make http proxy handle uncompressed DNS responses

31992                    network range in network group shouldnt be allowed in allowed networks as per 21588

32012                    Postgres startup problem because pg_xlog files are missing

32034                    Full transparent AD SSO redirect URL request gets dropped by packetfilter

32079                    UMTS modem device hanging

32097                    High load after pattern installation [9.2]

32190                    Policy tester always returns „allowed“ if warn page is proceeded once

32237                    Release of IPsec Pool IPs not working

32286                    Sorting of APs in Webadmin

32391                    UTM interface doesn’t come up again after the speed changed from 4G to 3G

32433                    Not possible to delete VPN tunnel managed by SUM after use „cleanup object“

32537                    Guest login fails in transparent browser auth mode if „terms of use“ confirmation is required

32571                    [V9] Blocked HTTPS-Sites in Filter Action Mode ‚Blacklist‘ doesn’t match if Exception is matching on Categories

32588                    Can’t restore backup beacause of an undefined value

32602                    Web control policy not applying to endpoints

32604                    Special characters like umlauts didn’t work in passwords with reverse authentication for the WAF

32607                    Not possible to use virtual mac on lag interfaces

32683                    Can’t send a VPN Profile to the SMC if the Organization Name includes a umlaut

32690                    It’s not possible to use Subfolders for Remote Log File Archives over SMB on CIFS share

32696                    Hotspot: only one login possible per username for backend authentication hotspot

32703                    Multicast traffic problems after upgrading to SG430 and 9.204

32711                    Mail preview should display kyrilic or chinese chars too.

32713                    Console keyboard doesn’t work

32726                    Dashboard does not show Antivirus active protocols for HTTP/S

32794                    vpn-reporter.pl segfault in get_amazonvpc

32805                    NETDEV WATCHDOG: eth0 (tg3): transmit queue 0 timed out

32832                    Remote Syslog Server IPv6 support

32837                    vpn-reporter.pl segfaults, error 4 in libc-2.11.3.so

32851                    Device auth reports wrong client information

32852                    Any SSL traffic through HTTP proxy gets classified as „Sophos Portal“ if a „Sophos Portal“ AppCtrl rule exists

32870                    ad-sid-sync.pl fails to lookup trusted domains groups

32940                    SG550: Licensing does not work if module is relocated after installation

32950                    Configuring a whitelist in webfilter filter action appears in blacklist on UTM

32957                    winbindd died in kernel_vsyscall

32969                    Coredumps from reverseproxy after update to v9.206

32972                    IPS exception does not work for SID 18575

32980                    Remove RC4 from TLS ciphers in Exim

33019                    After upgrading to iOS 8 UTM does not recognize iOS anymore (Device-specific Authentication)

33095                    RED50 frequently reconnecting because configuring an Additional Address as UTM-Hostname is not supported [9.3]

33111                    Group matching incorrect if user belongs to static and backend groups

33277                    [9.2] Add support for passthrough NTLM connection

33307                    Not possible to change TLS certificate

33323                    Using @ in hostname results in corrupt /etc/syslog-ng.conf

33382                    Config changes in IPsec remote access sometime causing a drop of established connections

33429                    AP100: Unable to authenticate with an SSID using a PSK with a dollar character

33515                    SMTP Vulnerability in SSL v3.0

33613                    OS X HTTPS traffic identified as iOS


Version 9.301-2

Bugfix Update


  • System wird neugestartet
  • · Konfiguration wird verbessert
  • · Verbundene Wifi Aps werden das Update der Firmware übernehmen



33743                    Wifi: after upgrade from 9.2 -> 9.3 awe_status is 0

33746                    psk and ssid with a \ are wrong in confd

33751                    Bridge without Address lost after Upgrade from 9.2x to 9.300

33760                    ipsec: dying Middleware with Bridge configured


Version 9.302-2

Bugfix Update


  • System wird neugestartet
  • · Konfiguration wird verbessert
  • · Verbundene Wifi Aps werden das Update der Firmware übernehmen


33655                    Special characters in SSID lead to an awed crash [9.3]

33766                    Slave stays in „syncing“ state after update to 9.300

33824                    Wifi: rt2x00queue_write_tx_frame: Error – Dropping frame due to full tx queue 2