Sophos Utm 9.7

Sophos has, after a very short EAP (Beta), released 9.7 as GA, this is what it contains and here it how to download it – it will be rolled out in phases:

Today we’ve released UTM 9.702 The release will be rolled out in phases. In phase 1 you can download the update package from our download server, in phase 2 we will spread it via our Up2Date servers. Up2Date Information News Maintenance Release Remarks System will be rebooted Connected REDs will perform firmware upgrade Issues Resolved NUTM-11688 REDFirmware RED50 flash courruption fixes. Configuration the Sophos UTM is easy in 12 steps. This perform basic setup for a computer in LAN go out internet through UTM. Important Step noted: Setup WAN interface and Default Gateway (step 6) Setup DNS forwarder (step 7) Setup Firewall Rule (step 8) Setup NAT Masquerading (step 9) Option for setup DHCP server.

In phase 1 you can download the update package from the download area.
In phase 2 we will make it available via our Up2Date servers in several stages.
In phase 3 we will make it available via our Up2Date servers to all remaining installations.

Support for new APX Access Points
In addition to the legacy AP series access points, UTM 9.7 brings support for the newer Wave 2 APX series access points which can now also be added and managed with UTM 9. This includes support for APX 120, APX 320, APX 530 and APX 740.
Certificate Chain support for WebAdmin and UserPortal
Full certificate chains that are uploaded to UTM for use with WebAdmin and/or UserPortal will no longer be split but will be delivered in full when accessing WebAdmin and/or UserPortal and web browsers will no longer display warnings for these certificates.
Certificate Chain Support for WebProxy
When using an intermediate certificate to sign HTTPS decryption certificates in WebProxy, WebProxy will now build and return a full certificate chain for the generated certificate to avoid browsers showing a warning when not explicitly trusting the intermediate certificate. The root certificate has to be available within the verification CAs.
New RED Site 2 Site Protocol
RED Site 2 Site connections in UTM will now use the same protocol used within XG Firewall for RED Site 2 Site connections. This removes the need to specify legacy RED site 2 site connections in XG Firewall and provides enhancements to the RED site 2 site implementation in UTM.
Retirement of UTM Endpoint Management
As announced with UTM 9.6, UTM endpoint management will be end of life by the end of this year. UTM 9.7 will no longer include the option for Endpoint Management for the UTM Managed Endpoints, Sophos SEC integration is still part of UTM 9.7.

9.7 EAP1 to 9.7 GA

News

Features Release
.
Support for new APX AccessPoints
Certificate Chain support for WebAdmin and UserPortal
Certificate Chain Support for WebProxy
New RED Site 2 Site Protocol
Retirement of UTM Endpoint Management

Remarks

System will be rebooted
Configuration will be upgraded

Bugfixes

NUTM-10485 [Email] POP3 E-Mail blocked message won’t be displayed properly in some MS Outlook versions
NUTM-11141 [Sandstorm] Add support for Sandstorm’s Frankfurt data centre
NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails
NUTM-11202 [Web] Conform to Apple’s new certificate requirements introduced in iOS13 and macOS10.15

Sophos Utm 9.705-3

9.6 MR5 to 9.7 GA

News

Features Release
.
Support for new APX AccessPoints
Certificate Chain support for WebAdmin and UserPortal
Certificate Chain Support for WebProxy
New RED Site 2 Site Protocol
Retirement of UTM Endpoint Management

Remarks

System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade

Bugfixes

NUTM-10804 [Access & Identity] strongSwan vulnerability fix (CVE-2010-2628, CVE-2018-17540)
NUTM-10485 [Email] POP3 E-Mail blocked message won’t be displayed properly in some MS Outlook versions
NUTM-10745 [Email] Quarantine mail older than 14 days are not getting removed
NUTM-10958 [Email] Quarantined SPX Mails which are released are still available on UTM
NUTM-10192 [RED] Patch OpenSSL (CVE-2018-0732)
NUTM-11141 [Sandstorm] Add support for Sandstorm’s Frankfurt data centre
NUTM-10454 [WAF] SAVI integration doesn’t support scanning files larger than 2GB
NUTM-10873 [WAF] Underscore in DNS-Hostname makes WAF unusable
NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails
NUTM-11202 [Web] Conform to Apple’s new certificate requirements introduced in iOS13 and macOS10.15

Download

While the release is in soft-release phase, you can find the Up2Date package at:

If you are already running 9.7 EAP1, please use the following package:

Configuration the Sophos UTM is easy in 12 steps. This perform basic setup for a computer in LAN go out internet through UTM.

Youtube 2 mp3 320kbps. Important Step noted:

Setup WAN interface and Default Gateway (step 6)
Setup DNS forwarder (step 7)
Setup Firewall Rule (step 8)
Setup NAT Masquerading (step 9)
Option for setup DHCP server

STEP 1: Go to Webadmin by default IP address:

Sophos UTM hardware default IP: https://192.168.0.1:4444

Sophos UTM Software default IP: https://192.168.2.100:4444

In this example: https://192.168.88.254:4444

See more in Sophos UTM Software/hardware Appliance Quick Start Guide

STEP 2: Enter Administrator Contact and Password

Click APPLY and waiting for some second

STEP 3: Go to again Webadmin with new certificate

You will be noticed the Certificate error, and Add Exception for this.

STEP 4: Login to Webadmin with new password

STEP 5: Cancel the Wizard

Click “Cancel” button in bottom of Wizard Majoras mask 3ds update.

You will see the dashboard of Sophos UTM

STEP 6: Add WAN Interface

Go to “Interfaces & Routing” -> “Interfaces” -> click “New Interface”

· Name: WAN

· Type: Ethernet

· Hardware: choose the hardware interface connect to Router/Modem of ISP

· IPv4 Default Gateway: Checked

Click “SAVE” and you will see the new interface which is disabled

Click enable button to enable the WAN Interface

STEP 7: Setup DNS

Add Google or Public DNS to DNS forwarders

STEP 8: Setup Firewall Rule

Go to Network Protection -> Firewall

Default No rule and all traffic is blocked.

Click New Rule Button

· Sources: Internal Network Get the guy matthew hussey pdf online, free.

· Services: ANY (or Some Services)

· Destinations: ANY

· Action: Allow

· Advanced: Log Traffic checked

Enable the new firewall Rule

STEP 9: NAT

Go to Network Protection -> NAT -> Masquerading

· Network: Internal (Network)

· Interface: WAN

· Use address: Primary address

Enable the new Masquerading Rule

STEP 10: Enable Advanced Threat Protection

Go to Network Protection -> Advanced Threat Protection -> Click Enable button (Grey to Green)

STEP 11: Enable Intrusion Prevention System

Go to Network Protection -> Intrusion Prevention -> Click Enable button (Grey button in the right).

Add the Internal (Network) to Local Network box -> Click Apply.

Sophos Utm 9.7 Pro

Enable Anti-Portscan

STEP 12: Check the Firewall Live Log

Go to Network Protection -> Firewall

Click “Open Live Log” button

· Green line: traffic allow through firewall

· Red line: traffic deny through firewall

Option STEP: DHCP Server (if needed)

Go to Network Services -> DHCP -> Click “New DHCP Server” button.

· Interface: Internal

Sophos Utm 9.703

Done!

9.7 EAP1 to 9.7 GA

News

Remarks

Bugfixes

Sophos Utm 9.705-3

9.6 MR5 to 9.7 GA

News

Remarks

Bugfixes

Download

Related Posts

STEP 1: Go to Webadmin by default IP address:

STEP 2: Enter Administrator Contact and Password

STEP 3: Go to again Webadmin with new certificate

STEP 4: Login to Webadmin with new password

STEP 5: Cancel the Wizard

STEP 6: Add WAN Interface

STEP 7: Setup DNS

STEP 8: Setup Firewall Rule

STEP 9: NAT

STEP 10: Enable Advanced Threat Protection

STEP 11: Enable Intrusion Prevention System

Sophos Utm 9.7 Pro

STEP 12: Check the Firewall Live Log

Option STEP: DHCP Server (if needed)

Sophos Utm 9.703