"Complete IT solutions, Unquestionable Trust"


Sophos UTM 9.3 Now Released!

November 6th, 2014

Today Sophos has started pushing out their official UTM 9.3 release which has been in beta for the past few months now. Sophos says that they will start with an initial controlled Up2Date to select customer systems (approximately 1%) starting today (November 6th). The General Availablity release is expected to be on their FTP site (ftp.astaro.com) Mid-November for manual download, plus the push will be increased to 10% of their customerbase. By Mid-December the update will be fully availble through their automatic update service called Up2Date.

The feature list below was taken from their most resent news release:

Major New Features

  • Live AV Look-ups in E-Mail Protection

Introduced in UTM 9.2 for Web Protection, Live AV look-ups now come to the E-Mail Protection.
This option will improve the malware detection rates by consulting the cloud infrastructure from SophosLabs for possible threat matches. Look-ups that fail will still be scanned by the AV engine, and as part of our global feedback network unknown files will be sampled for execution and deep analysis by SophosLabs to benefit the global community while allowing you o tap the knowledge gained by these events worldwide.

  • SPX Self-Registration

With the self-registration feature, recipients of an SPX encrypted email now are offered the option to register themselves through an online-portal where they will be able to create, reset and recover passwords to access their encrypted emails. This eliminates the need to manually communicate passwords to recipients of encrypted email.
SPX – Support Attachments on Reply

  • Portal

With the SPX encryption feature recipients of encrypted emails are able to securely reply to the sender by using the SPX online-portal. When replying to an SPX-encrypted email, now recipients can also add attachments to their message. This allows that the full communication between to parties now can be encrypted in both ways.

  • Policy Tagging

With UTM 9.2 we introduced the ‘Website List’ feature where customers can add URLs and override the category. URL tagging extends this feature by allowing customers to apply zero or more custom tags, or labels to URLs. They can then use these tags in Web Policy to fine tune actions for specific sites. For example, if a customer has a restrictive policy but needs to accesscustomer websites that would otherwise be blocked, they can add their customer sites to the Website List, tag them as ‘Customer Sites’ and then modify the policy to enable access to the 'Customer Sites’ tag. Customers can also use tags like custom categories, in case they want to create their own site categories that are not provided by the built-in URL categorization functionality.

  • Time Quotas

Many organizations want to allow users a limited amount of personal browsing time during the day. In many situations, limiting this to specific times of day does is too restrictive. With this new feature in Web Protection, administrators can allocate time quotas to specific sets of sites or categories for specific users or groups. Users can choose when to consume their time quota throughout the day. When they browse to a quota site, they will be warned that they're about to use their quota. When a quota expires, they'll be informed accordingly.

  • Selective HTTPS Filtering

To allow more flexibility and provide better performance we have implemented an option to allow selective HTTPS filtering. This allows organizations to balance the need for security or visibility into some encrypted traffic, against the privacy and performance concerns that come with decrypting all HTTPS content. For example, customers can focus on performing important scans in HTTPS like (a) the ability to detect malicious content in uncategorized sites, (b) the ability to identify search terms and enforce safe search for Google and other search engines, and (c) the scanning webmail traffic for DLP only for specific sites. Previously, HTTPS decryption had to be enabled for all traffic, with exclusions being set up for individual sites where necessary.

  • Support for SG1xx Wireless Hardware

This release will add support for new SG 1xx wireless models we are going to introduce later this year.

  • Hotspot Improvements

This release improves our hotspot offering by the following features: First, we built an interface to communicate with Micros Fidelio hotel management software via its FIAS protocol. Second, we have implemented HTTPS support for hotspot login pages. And finally, hotspots can now be configured in a more multi-tenant-like fashion by restricting the "Allowed Users" option to something that's configurable per hotspot.

  • Multiple bridge support

Many more advanced firewall configurations can be solved by allowing more then one network bridge. With this release we added support for multiple bridges. With introduction of this feature we at the same time cleaned up the configuration options in the UTM WebAdmin by moving the bridge configuration directly into the interfaces pane to allow you user-friendly and simple control over all aspects of your interface configuration.

Minor New Features

  • VLAN DHCP & Tagging

We removed some restrictions around VLANs to make life of an admin easier. First we now allow DHCP on VLAN interfaces. Secondly we now allow tagged and untagged interfaces on the same hardware.

  • True File Type Detection

In our web and mail proxy we now allow detection of file types inside a downloaded archive file (zip, rar, …). This allows granular blocking based on file types included in an archive rather than blocking archive files in general.

  • Sophos Customer Support Secure Access to UTM

With increasing number of global support sites with different IP ranges, it is sometimes can be tricky for customers to allow Sophos Support teams access to their UTM via WebAdmin and SSH. Therefore we implemented a feature inside WebAdmin that enables simple and secure access to the UTM by Sophos Support upon request and under control of the customer.

  • WAF Allow/Block Lists

For the Web Application Firewall we now added support of lists to allow and block IP's. This is now is possible in the site paths.

  • WAF Wildcard Extension

Exceptions for internal servers now allow wildcards also in the middle of the server path. This allows admins to easily add exceptions for multiple servers effectively eliminating the need to maintain long lists in WebAdmin.

  • WAF Prefix/Suffix Option

Some environments, most notably Microsoft servers like Exchange and Sharepoint, require UPN/domain-style user names for log in. By adding an option to append a prefix or suffix to usernames customers now are able to add e.g. a default domain to facilitate the use in such environments.

  • HyperV 3.5 Support

The UTM 9.3 now fully supports Microsoft Hyper-V Server 2012 R2. We are incorporating MS Integration Tools v3.5 for Hyper-V which include the latest drivers and additional capabilities like high availability and load balancing.

Other New Things

[Web] We have enhanced the HTTPS performance by several proxy improvements.

[Mail] Added fonts for Greek, Japanese, Chinese, Cyrillic PDF documents generated by SPXencrypted emails.

[Mail] Added header manipulation possibilities in emails, in order to give customers the option to add/delete multiple headers to the message envelope.

[WiFi] Added Automatic Channel Selection (ACS), utilizing background scanning.

[AppCtrl] Updated Application Control Engine added better support for ATP and broader application coverage as well as IPv6 support.

[WAF] Added a setting to change WAF performance parameters.

[WAF] Ability to upload custom rules (backend enablement required).

[WAF] Added scan size limit configuration.

What's New in UTM Advantage (9.3): Overview from Sophos on Vimeo.

 For additional information please contact Internal I.T. Limited a Sophos Platinum Partner

Leave a comment:

"After you guys set up our server and workstations everything just works. We hardly ever get to see you guys"

Tyler Wilson - Performance Compression and Sealing

"All of you have done a TOP NOTCH job for us. We love seeing Max on the rare times that he needs to come in."

Tina Best - The Alberta Library