Category: Sophos UTM

Sophos UTM: Office 365 installer fails

Martin 12/02/2018

When using the newer streaming installers for Office 365 and Microsoft Office Online, you may find that the install fails: it cannot install or cannot update Office. This can be due to Sophos UTM Web Filtering protection: the traffic is being intercepted (transparent proxy), and the installer doesn’t like that. Luckily you can make an exception for this in the UTM. This is the regex added in the “Target Domains” window:
  ^https?://([A-Za-z0-9.-]*\.)?officecdn\.microsoft\.com\.edgesuite\.net/
Press save and it…

Sophos UTM 9.506-2 soft-released

Martin 25/11/2017

Sophos released 9.506-2, which brings a lot of bugfixes, as a soft release, which means you need to download it manually from the FTP server. In a short period of time, 1-2 weeks, it will be GA.
Release notes: Up2Date 9.506002 package description:
Remarks:
  System will be rebooted
  Configuration will be upgraded
  Connected APs will perform firmware upgrade
  Connected REDs will perform firmware upgrade
News:
  Maintenance Release
Bugfixes:
  Fix [NUTM-8651]: [AWS] AWS Permission for “Import…

Sophos UTM: Up2date 9.505-4 released

Martin 20/10/2017

Sophos has already released a fix for the KRACK vulnerability in Wi-Fi networks; get it here:
  ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.504001-505004.tgz.gpg
Release notes: Up2Date 9.505004 package description:
Remarks:
  System will be rebooted
  Connected APs will perform firmware upgrade
  Connected REDs will perform firmware upgrade
News:
  Security Release
Bugfixes:
  Fix [NUTM-8984]: [RED] WPA2 KRACK vulnerability fixes for RED15w
  Fix [NUTM-8789]: [Wireless] WPA2 KRACK vulnerability fixes
RPM packages contained:
  firmwares-bamboo-9400-0.273856001.gc09c1ec.rb1.i586.rpm
  red-firmware2-5123-0.273833046.g1919632.noarch.rpm
  red15-firmware-5123-0.273832838.g2f85ff1.noarch.rpm
  ep-release-9.505-4.noarch.rpm

Sophos UTM: Up2date 9.504-1 released

Martin 19/10/2017

Sophos has released a minor but important fix today as GA.
Release notes: Up2Date 9.504001 package description:
Remarks:
  System will be rebooted
  Configuration will be upgraded
  Connected REDs will perform firmware upgrade
News:
  Security Release
Bugfixes:
  Fix [NUTM-8851]: [Basesystem] System doesn’t boot if Posgtresql database cannot start
  Fix [NUTM-7240]: [RED] RED 50 loosing ARP entries of internal machines
  Fix [NUTM-8782]: [RED] RED10, RED15, RED50: Update OpenSSL and TCPdump to most current version…

Sophos UTM 9.503-4 released

Martin 01/09/2017

Due to a little bug with Samba and missing libraries, which will cause problems with AD join, Sophos has released a minor update for that problem in particular:
Up2Date 9.503004 package description:
Remark:
  System will be rebooted
News:
  Hotfix Release
Bugfix:
  Fix [NUTM-8702]: [Web] After 9.503-3 Update: net: error while loading shared libraries
RPM packages contained:
  samba-4.6.5-3.g71f179b.rb1.i686.rpm
  ep-release-9.503-4.noarch.rpm
Download:
  ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.503003-503004.tgz.gpg

Sophos UTM: Setting up DKIM for mail security

Martin 01/09/2017

Sophos UTM mail security has many features, and it also supports DKIM (DomainKeys Identified Mail), which allows the UTM to cryptographically sign outgoing messages. Unfortunately it’s not “that” easy to set up compared with other UTM features, but that’s not the UTM’s fault 🙂 I will try to explain how to make things work here: First you have to generate some key pairs, which are needed to identify your mail. I will be using OpenSSL…

Sophos UTM 9.503-3 released

Martin 24/08/2017

Sophos has released 9.503-3 today; you can download it here:
  ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.502004-503003.tgz.gpg
Release notes: Up2Date 9.503003 package description:
Remarks:
  System will be rebooted
  Configuration will be upgraded
  Connected REDs will perform firmware upgrade
  Connected Wifi APs will perform firmware upgrade
News:
  Maintenance Release
Bugfixes:
  Fix [NUTM-7891]: [AWS] awslogsd.log is beeing flooded with logmessages
  Fix [NUTM-3196]: [Access & Identity] Overlapping backend user prefetches may not be executed
  Fix [NUTM-7943]: [Basesystem] Ntpd permanently restarting on slave node
  Fix…

Sophos UTM: TCP/UDP Ports used by Sophos RED

Martin 09/08/2017

When you have the UTM behind another firewall and want to use the RED technology, you will have to NAT the following ports through the perimeter firewall: Note: it has been seen several times that some ISPs block UDP 3410 traffic because it triggers Intrusion Prevention Systems, so be aware of that. If things are not working in the beginning, contact your ISP.

Sophos UTM: How to bypass individual WAF rules

Martin 09/08/2017

How to fix a false positive
On Sophos UTM, mod_security can detect a far greater number of attacks, but it also produces a larger number of false positives. If your website is experiencing a lot of false positives, the best way to resolve them is to disable the specific rule IDs that are being detected. To determine the rule IDs that are being matched, you’ll need to check the Web Application Firewall log while browsing to…

Sophos UTM: Data disk filling up – due to coredumps

Martin 07/08/2017

Sometimes Sophos releases updates or patterns that corrupt a function in the UTM and make that function crash! Every time, a core dump is generated, and that fills up the data disk. If that happens you will eventually see a notification land in your mailbox saying: Data Disk is filling up – please check. Current usage: 82% When logging into webadmin, you may see this: Clearly the data disk is getting full! To fix this,…
