Hi Everyone,

Today we've started to release UTM 9.700. The release will be rolled out in phases.

In phase 1 you can download the update package from the download area.

In phase 2 we will make it available via our Up2Date servers in several stages.

In phase 3 we will make it available via our Up2Date servers to all remaining installations.

What's new in UTM 9.7?

Support for new APX Access Points

In addition to the legacy AP series access points, UTM 9.7 brings support for the newer Wave 2 APX series access points which can now also be added and managed with UTM 9. This includes support for APX 120, APX 320, APX 530 and APX 740.

In addition to the legacy AP series access points, UTM 9.7 brings support for the newer Wave 2 APX series access points which can now also be added and managed with UTM 9. This includes support for APX 120, APX 320, APX 530 and APX 740. Certificate Chain support for WebAdmin and UserPortal

Full certificate chains that are uploaded to UTM for use with WebAdmin and/or UserPortal will no longer be split but will be delivered in full when accessing WebAdmin and/or UserPortal and web browsers will no longer display warnings for these certificates.

Certificate Chain Support for WebProxy

When using an intermediate certificate to sign HTTPS decryption certificates in WebProxy, WebProxy will now build and return a full certificate chain for the generated certificate to avoid browsers showing a warning when not explicitly trusting the intermediate certificate. The root certificate has to be available within the verification CAs.

New RED Site 2 Site Protocol

RED Site 2 Site connections in UTM will now use the same protocol used within XG Firewall for RED Site 2 Site connections. This removes the need to specify legacy RED site 2 site connections in XG Firewall and provides enhancements to the RED site 2 site implementation in UTM.

Retirement of UTM Endpoint Management

As announced with UTM 9.6, UTM endpoint management will be end of life by the end of this year. UTM 9.7 will no longer include the option for Endpoint Management for the UTM Managed Endpoints, Sophos SEC integration is still part of UTM 9.7.

9.6 MR5 (9.605-1) to 9.7 GA (9.700-5)



News

Features Release

.

Support for new APX AccessPoints

Certificate Chain support for WebAdmin and UserPortal

Certificate Chain Support for WebProxy

New RED Site 2 Site Protocol

Retirement of UTM Endpoint Management

Remarks

System will be rebooted

Configuration will be upgraded

Connected REDs will perform firmware upgrade

Connected Wifi APs will perform firmware upgrade

Bugfixes

NUTM-10804 [Access & Identity] strongSwan vulnerability fix (CVE-2010-2628, CVE-2018-17540)

NUTM-10485 [Email] POP3 E-Mail blocked message won't be displayed properly in some MS Outlook versions

NUTM-10745 [Email] Quarantine mail older than 14 days are not getting removed

NUTM-10958 [Email] Quarantined SPX Mails which are released are still available on UTM

NUTM-10192 [RED] Patch OpenSSL (CVE-2018-0732)

NUTM-11141 [Sandstorm] Add support for Sandstorm's Frankfurt data centre

NUTM-10454 [WAF] SAVI integration doesn't support scanning files larger than 2GB

NUTM-10873 [WAF] Underscore in DNS-Hostname makes WAF unusable

NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails

NUTM-11202 [Web] Conform to Apple's new certificate requirements introduced in iOS13 and macOS10.15

9.7 EAP1 (9.670-4) to 9.7 GA (9.700-4)



News

Features Release

.

Support for new APX AccessPoints

Certificate Chain support for WebAdmin and UserPortal

Certificate Chain Support for WebProxy

New RED Site 2 Site Protocol

Retirement of UTM Endpoint Management

Remarks

System will be rebooted

Configuration will be upgraded

Bugfixes

NUTM-10485 [Email] POP3 E-Mail blocked message won't be displayed properly in some MS Outlook versions

NUTM-11141 [Sandstorm] Add support for Sandstorm's Frankfurt data centre

NUTM-11162 [WAF] Authentication through WAF with URL hardening enabled and umlaut in password fails

NUTM-11202 [Web] Conform to Apple's new certificate requirements introduced in iOS13 and macOS10.15

9.7 GA (9.700-4) to 9.7 GA (9.700-5)



News

GA Release

Remarks

System will be rebooted

Bugfixes

NUTM-11273 [RED] RED Site-2-Site inoperable after update from 9.6 to 9.7

While the release is in soft-release phase, you can find the Up2Date package at:

If you are running 9.7 EAP1 (9.670-4), please use the following packages:

If you are already running 9.7 GA (9.700-4), please use the following packages:

Known Issues

In the versions 9.670-4 and 9.700-4, an issue has been discovered where after the update RED Site-to-Site tunnels may not work. This issue does not affect deployments using hardware RED devices. Fixed Up2Date packages have been released in the meanwhile. Please also see the related KB article.