Sophos UTM 9.1 Released

I am pleased to inform you that today, after months of research, development, (and public testing by you), we have released Sophos UTM 9.1. This major update to our UTM line introduces dozens of new features, offers vastly increased performance in throughput and reporting (to name a few), and all-told makes UTM an even more formidable solution. You will find an amazing new system for enforcing your Web Security settings on clients anywhere they are in the world using our UTM Endpoint offering, wireless repeating and bridging using a mesh network option for our Wireless AP50, and SSL VPN for iOS and Android mobiles. We could go on, but first I invite you to download and install the Up2Date so you can start using all of the new abilities and see what else awaits you in UTM 9.1! Read on for download information, release notes, and all the details…

Below is the download links for the Up2Date from 9.006. Hardware and Software appliance ISO’s for fresh installations of UTM will follow shortly. You will also find various specifics around this release. For a list of all the new features and functionality, you can download the official UTM 9.1 Release Notes. If you have a Sophos UTM Smart Installer, the new UTM 9.1 version will show up as a possible download using the provisioning software very soon (if it hasn’t updated already).

Sophos UTM 9.1 Release Information

Download Link:


Size: ~280MB

MD5 Sum: 8573f4bdc8ff19d9f63a81ad969bd7b8

Official Up2Date Description:
* System will be rebooted
* Configuration will be upgraded
* Database will be converted
* Connected Wifi APs will perform firmware upgrade
* Connected RED devices will perform firmware upgrade
Major Features:
* Endpoint: Web Protection for UTM Endpoint
* Network/RED/Wifi: Support for MAC Address Filtering
* RED: Offline Provisioning Mode
* VPN: SSL VPN Support for iOS and Android
* WiFi: Wireless Repeating and Bridging for AP50
Other Features (Sample):
* WebAdmin: Replace “Traffic Lights” with Toggle-Switch Design
* WebAdmin: Replace Flash Charts with JavaScript-only Solution
* Endpoint: SAA for MacOS X
* Mail: SSL Support for POP3 Proxy
* Network: QoS Download Throttling
* Network: IPv6 Prefix Delegation
* Network: IPv6 Renumbering
* Network: DNSSEC Validation
* Network: Allow to specify direction of Country Blocking
* Network: Exceptions for Country Blocking
* Network: Increase Scalability of Network Reporting/Accounting
* Network: Multilink PPP Support
* Network: Amazon VPC IPSec Tunnel Support
* RED: Auto-Deauthorize Devices
* RED: Improve UMTS Modem Support
* RED/VPN: Notifications for tunnel up/down
* VPN: SSL VPN Profiles
* VPN: Support for AES+GCM and AES+CTR Ciphers in IPSec
* WAF: Outlook Anywhere Passthrough Support
* Web: Complete Customization of Block Pages
* Web: Optionally Force Caching of Sophos Endpoint Updates
* Web: Allow to specify Maximum Download Size
* Wifi: Redirect Support for Hotspot
* General: Database Architecture Overhaul
* General: More Services Support Lock-Out after Failed Authentication
* General: Time-Events can Span Across Midnight
#15089: Support for Outlook Anywhere protocol via the Web Application Firewall (Web Server Protection)
#17999: It’s not possible to take over the Internet explorer(8 & 9) proxy settings with the SSL VPN client
#18601: Checkbox “Mime blocking inspects HTTP body” enabled does not work when Antivirus scanning is disabled
#19006: Internet Explorer still doesn’t trust the webadmin certificate after importing the WebAdmin CA
#20050: gzip deflate compression not working with WAF
#21494: IPS report for pdf and csv is incorrect
#21590: Fix SNMP traps for notifications
#21825: Form hardening breaks ‘XHTML 1.0 strict’ compliance
#21829: Timeframe and Department missing in PDF header lines
#21857: Reporting: in the Top Applications by Client PDF export the total column is displayed twice
#21861: Application Control Reporting: incorrect data in the exported pdf/xls
#21892: Encryption User: Download PKCS#12 key doesn’t work if S/MIME is disabled
#21898: Web Protection Reporting: missing sorting order in pdf under some circumstances
#21928: SSL certificate exceptions do not work for urls with an IPv6 literal as hostname
#21942: IPS notifications contain invalid links
#21957: DHCP server not working properly with large IP ranges
#21958: Live log for packetfilter shows numbers instead of the protocol
#22371: The NAT rule object cannot use network group objects for the traffic destination attribute with uplink primary address
#22546: RED Split-Tunneling via UMTS is not working properly
#22634: Static IP address assignment for RED does not work together with transparent/split mode
#23333: Blocked application name on the block page is truncated
#24156: Search Engine Report => Top 10 pie chart has label with HTML “br” tag  in description.
Known issues note regarding Virtualization:
There is a small problem which leads to deadlocks during boot-up on some versions of the KVM virtualization if the KVM instance uses more than one CPU. The workaround is to only use this version in KVM instances with one CPU.
The ISO installer sometimes hangs on start-up when using Citrix XEN. The workaround is to install 9.006 and use the Up2Date to 9.100 to run this version.

Up2Date Installation: Sophos Up2Date technology makes it easy to upgrade your Sophos UTM to the latest version. There are two ways to apply an already-downloaded Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Sophos UTM Up2Date FTP Mirrors:


  • If you want to provide feedback or want to discuss any of the UTM V9 features you should post it on our User Bulletin Board. Please indicate the version you are using to help us (and everyone helping you). e.g. “[9.006] Configuring RED with UTM in Amazon Cloud”.
  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to
  • You are free to use our new demo server environment without hassle, nags, or registration. Enjoy!

-Your friendly neighbourhood Product Ninja,

Angelo Comazzetto

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s