You know the old saying, “The rich get richer”? Well, our UTM 9 platform is feature rich, but every year we pack more and more features into it. This year is no exception with our UTM 9.6 release.
Here’s what’s included in UTM 9.6
Let’s Encrypt integration
- Generate and renew Let’s Encrypt certificates from within the UTM
- Generated certificates can be used in all UTM components
Web Application Firewall (WAF) page customization
- Custom themes for all error pages that are delivered via the WAF
- Enables the use of a custom corporate identity on all pages
Manual Sandstorm submission
- Allows an admin to upload a file for detonation within Sophos Sandstorm
- Files that have not been received via email or web download can also be analyzed with Sophos Sandstorm
Persistent Sandstorm reports
- Enhanced reporting for Sandstorm activity over time and with historic information
- Reporting also covers hash lookup based results from Sophos Sandstorm
Other enhancements
- Unified RED firmware with improved 3G/4G support
- Submission port support in SMTP proxy
- Configurable listen address in SMTP proxy
- New advanced thread protection library with better performance and protection
The full release notes can be found on the Sophos Community.
How to get it
The release will be rolled out automatically in phases over the coming weeks. For anyone that wants the latest and greatest now, you can download the latest firmware yourself.
If you have any questions, check out the Sophos UTM 9 Community Forums.
Anonymous
No IKEv2?
Chris McCormack
Hi, adding IKEv2 support would have significantly delayed v9.6. It may be considered for a future release. IKEv2 support is available in XG Firewall.
Anonymous
I am sorry to say that i have evaluated XG but it does not have the VPN capabilities of SG. In order to nat multiple networks to one we have to add static route via CLI towards the ipsec interface. IF you have more than 40 VPN Tunnels is just annoying.
IKEv2 is a ten year feature request for SG, For me, that i use Sophos from Version v.7.xx (Astaro) is very disappointing to see a great product such SG to be overthrown in development by XG.
Please read the forums . XG(a nice version of Cyberoam) has years of development to be like SG in stability and flexibility.Yes XG has Intercept X and a very good filtering, but in everyday use with a complicated environment is where SG shines.
So i am asking you will SG ever receive IKEv2?
Chris McCormack
Thank you for your feedback. It will be considered for a future release.
Arno Nymous
I truly hope one of the considerations will the fact that you’re still running a 2010 version of StrongSwan in in the latest versions of UTM. StrongSwan with IKEv2 support got available in 2012. That’s about 7 years ago. (To me that makes the “adding IKEv2 support would have significantly delayed v9.6” argument less strong)
Another consideration will hopefully be the fact that it’s being requested for so long, by so many customers.
Peter
What about IPv6 DHCPv6-PD? I’ve read, that this basic ipv6 functionality is still not available in sophos firewalls. Is this true? And if it’s true, when will it be implemented?
We are interested in sophos firewalls, because we are using pfsense.
Chris McCormack
Hi Peter, we have this option in UTM 9 and are working on bringing it to XG.
James Torres
I have 4 Sophos UTM firewalls and I have been waiting for version 9.6 to support IKEv2, but I see that I still do not support it, therefore I will be forced to change brands. I would not recommend more Sophos.
Les Carter
I echo that James. I renewed with Sophos over 18 months ago based on IKEv2 support “was coming”. To hear that it may now never come is truly disappointing and I need to switch brands also.
Anton
Dear Sophos,
Just listen to the tech guys that are using sophos sg for years. Sophos XG has many years of dev to be as good as SG. Dont give up SG. Give us at least IKEv2. JUST LISTEN.