UTM Up2Date 9.210 Released


A new Up2Date package for Sophos UTM is available as of today.
Besides many fixes for which you will find details below, this update further reduces risks from the POODLE vulnerability (CVE-2014-3566) through fixes for SMTP and POP3.

If you want to update to UTM 9.3 please also read our knowledgebase article to make sure you understand available upgrade paths.

Sophos UTM 9.210 – Details


  • Maintenance Release


  • System will be rebooted
  • Configuration will be upgraded
  • Connected Wifi APs will perform firmware upgrade


  • 27257 RED50 frequently reconnecting because configuring an Additional Address as UTM-Hostname is not supported
  • 27588 Unable to fetch POP3 accounts on iOS devices via POP3 Proxy
  • 27647 aua does not work with facility http while installing basic guard license
  • 27905 [BETA] log the mac addresses human readable with leading zeros in the packetfilter log
  • 28056 it’s not possible to view or download large log files in the webadmin because root partition is too small
  • 28400 Syslog not started after ipsbundle pattern installation
  • 28842 HA takeover if master reboots takes too much time
  • 28966 exceptions for Common Threat Filters do not work individually
  • 29412 Wireless Security Manager Role can’t accept new AP’s
  • 30800 [BETA] Some double byte characters aren’t filtered by DLP custom rule and AntiSpam Expressions filter.
  • 31083 Remote SSL VPN view is empty in printable configuration
  • 31340 rsyncd not started after switching to master mode (slave node hangs in syncing state)
  • 31387 ad-sid-sync.pl is executed even if AD sync is disabled
  • 31534 Wrong date in executive report
  • 31581 Up2date pattern rpm’s fails to install if hostname contains ‘/’ character.
  • 31859 Make http proxy handle uncompressed DNS responses
  • 32034 Full transparent AD SSO redirect URL request gets dropped by packetfilter
  • 32079 UMTS modem device hanging
  • 32097 High load after pattern installation [9.2]
  • 32190 Policy tester always returns “allowed” if warn page is proceeded once
  • 32391 UMTS interface doesn’t come up again after the speed changed from 4G to 3G
  • 32433 Not possible to delete VPN tunnel managed by SUM after use “cleanup object”
  • 32537 Guest login fails in transparent browser auth mode if “terms of use” confirmation is required
  • 32552 Quarantined mail will be quarantine again after release with the same reason
  • 32588 Can’t restore backup beacause of an undefined value
  • 32602 Web control policy not applying to endpoints
  • 32604 Special characters like umlauts didn’t work in passwords with reverse authentication for the WAF
  • 32607 Not possible to use virtual mac on lag interfaces
  • 32683 Can’t send a VPN Profile to the SMC if the Organization Name includes a umlaut
  • 32690 It’s not possible to use Subfolders for Remote Log File Archives over SMB on CIFS share
  • 32696 Hotspot: only one login possible per username for backend authentication hotspot
  • 32703 Multicast traffic problems after upgrading to SG430 and 9.204
  • 32711 Mail preview should display kyrilic or chinese chars too.
  • 32713 Console keyboard doesn’t work
  • 32726 Dashboard does not show Antivirus active protocols for HTTP/S
  • 32794 vpn-reporter.pl segfault in get_amazonvpc
  • 32805 NETDEV WATCHDOG: eth0 (tg3): transmit queue 0 timed out
  • 32832 Remote Syslog Server IPv6 support
  • 32837 vpn-reporter.pl segfaults, error 4 in libc-2.11.3.so
  • 32851 Device auth reports wrong client information
  • 32852 Any SSL traffic through HTTP proxy gets classified as “Sophos Portal” if a “Sophos Portal” AppCtrl rule exists
  • 32870 ad-sid-sync.pl fails to lookup trusted domains groups
  • 32940 SG550: Licensing does not work if module is relocated after installation
  • 32950 Configuring a whitelist in webfilter filter action appears in blacklist on UTM
  • 32957 winbindd died in kernel_vsyscall
  • 32969 Coredumps from reverseproxy after update to v9.206
  • 32972 IPS exception does not work for SID 18575
  • 32980 Remove RC4 from TLS ciphers in Exim
  • 33019 After upgrading to iOS 8 UTM does not recognize iOS anymore (Device-specific Authentication)
  • 33111 Group matching incorrect if user belongs to static and backend groups
  • 33277 [9.2] Add support for passthrough NTLM connection
  • 33307 Not possible to change TLS certificate
  • 33323 Using @ in hostname results in corrupt /etc/syslog-ng.conf
  • 33382 Config changes in IPsec remote access sometime causing a drop of established connections
  • 33429 AP100: Unable to authenticate with an SSID using a PSK with a dollar character
  • 33515 SMTP Vulnerability in SSL v3.0
  • 33516 POP3 Vulnerability in SSL v3.0
  • 33613 OS X HTTPS traffic identified as iOS
  • 33690: HTTP responses which contain malware and are delivered with “Content-Encoding: deflate” are not caught by virus scanners
Up2date link: ftp://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.209008-210020.tgz.gpg
Up2date MD5sum:  9489592f7b7bfbe44071e29bf7e3f851
File size:  ≈120MB

Up2Date Installation:

Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version.
There are two ways to apply an already-downloaded Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Sophos UTM Up2Date FTP Mirrors:


  • If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you).
  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.
  • You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!

Eric Bégoc
Senior Product Manager

Leave a Reply

Your email address will not be published. Required fields are marked *