Advisory: Issues you may experience after updating to UTM 9.3 and workarounds


This article explains how to fix known issues with the recently released UTM v9.3.

Applies to the following Sophos product(s) and version(s)

Sophos UTM 9.3

Issues and workarounds

If you experience one of the following issues following the update from 9.2x to 9.3 please use workaround described here.

Affected module Issue Defect-ID How to identify Workaround Fixed in version
  • Wireless Protection
  • After the update to 9.3 the wireless protection module is automatically disabled
33743
  • None of your wireless networks are reachable anymore and the Access Points are disconnected

The Wireless Protection module gets automatically activated again after you navigate to Wireless Protection | Global Settings on the WebAdmin.

After the module is activated again the wireless networks and the Access Points are accessible again.

9.301
  • Wireless Protection
  • Sophos UTM 9.3 no longer supports the use of a backslash in the SSID and the PSK
33746
  • You are no longer able to connect to a wireless network configured on the UTM because the PSK doesn´t match anymore

  • You are no longer able to connect to a wireless network configured on the UTM because the SSID contains a backslash
Please contact support or remove the backslash in the PSK and/or the SSID. 9.302
  • Middleware
  • If you configured a bridge and a IPSec tunnel(no matter if Site-to-Site or Remote Access) the middleware stops working after the update to 9.3
33760
  • All configuration changes on the WebAdmin in 9.3 have no impact

none

9.301
  • Email Protection
  • Incoming BATV mails lead to misbehavior of the SMTP handling
33881
  • The incoming BATV mail ends in another random mail
none 9.304
  • Wireless Protection
  • Special characters in a SSID will lead to an unwanted shutdown of the wireless daemon
33655
  • If you create a SSID which includes special characters((e.g. $ ~ ` )) the wireless daemon will stop and so none of your wireless networks are reachable anymore
none 9.302
  • Wireless Protection
  • wireless.log shows “rt2x00queue_write_tx_frame: Error – Dropping frame due to full TX queue 2”
33824
  • Connection lost from wireless clients during this error message
Please contact support for guidance regarding the workaround 9.302
  • High Availability
  • Slave appliance stays in “SYNCING” state after update to 9.300
33766
  • The slave will stay in “SYNCING” state and will remain forever
none 9.302
  • SUM
  • Network objects with interface bindings get overwritten by SUM
33839
  • If a local object exists with the identical address, netmask, and name, the object gets overwritten from SUM object deployment even if the UTM object has the “bind to interface” option active
none TBA
  • RED
  • RED device will get defective if 3G/UMTS failover is activated after the update to 9.3
33959
  • After the update to 9.3, the 3G/UMTS failover will fail so the RED gets stuck in the firmware routine
Please contact support for guidance regarding the workaround 9.304
  • Wireless Protection
  • Meshed Access Points keep rebooting
33841
  • When you are using meshed Access Points on the UTM the APs keep rebooting frequently
none 9.306
  • Wireless Protection
  • Performance issues when running the AP in separate zone
34258
  • When you are using the AP in separate zone, you will recognize performance issues(traffic <20Kbit/s) with the traffic between the Wireless LAN and your internal LAN
  • Logon to the shell as root

  • Run the command:

ethtool –K wlanX tso off

TBA
  • Email Protection
  • SMTP proxy stops working when using the SMTP proxy in profile mode
33995
  • SMTP proxy stops processing mail and the smtp.log shows

    “failed to open /etc/exim.conf.senderblacklist/REF_SMTPGlobalProfile”
none 9.306
  • Webserver Protection
  • The use of wildcards in the domain name for the virtual webserver doesn´t work anymore
34104
  • When using a wildcard in the domain name, the request to this domain name is not processed correctly as it doesn´t match correctly
none TBA
  • RED
  • Building a bridge with a RED interface doesn´t work anymore
34009
  • Traffic between the two bridged interfaces is not processed correctly
none TBA

Note: All listed issues are tracked as defects and are listed in the Known Issues List for Sophos Products.

Related:

Event ID 10004 — Wireless Local Area Network (WLAN) Extensibility

Event ID 10004 — Wireless Local Area Network (WLAN) Extensibility

Updated: January 7, 2009

Applies To: Windows Server 2008 R2

Windows can detect and report if the WLAN Extensibility module fails to start or stops unexpectedly.

The WLAN Extensibility module provides independent hardware vendors (IHVs) with more flexibility to support advanced features of IEEE 802.11 networks, and extend the built-in wireless client for additional wireless services and custom capabilities. For example, IHVs and independent software vendors (ISVs) can use WLAN Extensibility to provide customized configuration dialog boxes and wizards to display custom ISV or IHV wireless features and capabilities that are not provided by default in Windows.

Event Details

Product: Windows Operating System
ID: 10004
Source: Microsoft-Windows-WLAN-AutoConfig
Version: 6.1
Symbolic Name: ExtHostTimedOutEvtDesc
Message: WLAN Extensibility Module has timed out.Module Path: %1

Resolve
WLAN Extensibility Module time out

There are three actions that you can take to resolve this error:

  1. Disable the Wireless Network Connection, and then enable the Wireless Network Connection.
  2. Restart the WLAN AutoConfig service (Wlansvc).
  3. Contact the independent hardware vendor (IHV) provider for your hardware.

To perform these procedures, you must be logged on by using a local computer Administrator account, or you must have been delegated the appropriate authority. If you are not logged on by using an account that belongs to the Administrators group, you must be able to supply administrator credentials, in order to run the command prompt as administrator.

Disable the Wireless Network Connection, and then enable the Wireless Network Connection

To disable the Wireless Network Connection, and then enable the Wireless Network Connection:

  1. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center, and in Tasks, click Manage network connections.
  2. Right-click the Wireless Network Connection that you want to manage, and in the drop-down menu, click Disable.
  3. After the Wireless Network Connection is disabled, right-click the connection, and then click Enable.

If the error persists, follow the steps in the next procedure to restart the WLAN AutoConfig service.

Restart the WLAN AutoConfig service (Wlansvc)

To restart the WLAN AutoConfig service (Wlansvc):

  1. Click Start, right-click Computer, and then click Manage.
  2. In Computer Management (Local), click Services and Applications, and then click Services.
  3. In the details pane, under Name, navigate to WLAN AutoConfig.
  4. Right-click WLAN AutoConfig, click Properties, and on the General tab, in Startup type, select Automatic, and then click Start.
  5. Click OK.

Contact the IHV provider for your hardware

  • Contact your computer manufacturer, or the manufacturer of your wireless network adapter for the most recent adapter drivers.

Verify

There are two methods to verify wireless extensibility settings are applied:

  • Verify wireless independent hardware vendor (IHV) extensibility settings are applied by using the netsh wlan command
  • Verify wireless IHV extensibility settings by using the profile properties

Verify wireless IHV extensibility settings are applied by using the netsh wlan command:

  1. Click Start, and in Start Search, type cmd, and then press ENTER.
  2. At the command prompt, type netsh wlan show interfaceInterfaceName (where InterfaceName is the name of the wireless connection listed in Network Connections), and then press ENTER.
  3. If IHV extensibility settings are applied, then the command will render a message indicating IHV extensibility settings applied on the connection.

Verify wireless IHV extensibility settings by using the profile properties

  1. Click Start, click Control Panel, and then click Network and Sharing Center.
  2. In Tasks, click Manage wireless networks.
  3. Double-click the wireless profile, to open the wireless connection profile properties dialog box.
  4. If IHV service is installed, an IHV check box is displayed on the Connection tab.

Related Management Information

Wireless Local Area Network (WLAN) Extensibility

Networking

Related:

Event ID 4000 — WLAN AutoConfig Service

Event ID 4000 — WLAN AutoConfig Service

Updated: January 7, 2009

Applies To: Windows Server 2008 R2

WLAN AutoConfig is a service that configures wireless security and connectivity settings. WLAN AutoConfig configures Institute of Electrical and Electronics Engineers (IEEE) 802.11 wireless adapters for connectivity to ad-hoc wireless networks, small-office wireless infrastructure networks, and for networks that provide 802.1X-authenticated network access. When enabled, WLAN AutoConfig settings apply to all IEEE 802.11 wireless network adapters that are installed on a computer.

Event Details

Product: Windows Operating System
ID: 4000
Source: Microsoft-Windows-WLAN-AutoConfig
Version: 6.1
Symbolic Name: WlansvcStartEvtDesc
Message: WLAN AutoConfig service has successfully started.

Resolve

This is a normal condition. No further action is required.

Related Management Information

WLAN AutoConfig Service

Networking

Related:

Event ID 10000 — Wireless Local Area Network (WLAN) Extensibility

Event ID 10000 — Wireless Local Area Network (WLAN) Extensibility

Updated: April 17, 2008

Applies To: Windows Server 2008

Windows can detect and report if the WLAN Extensibility module fails to start or stops unexpectedly.

The WLAN Extensibility module provides independent hardware vendors (IHVs) with more flexibility to support advanced features of IEEE 802.11 networks, and extend the built-in wireless client for additional wireless services and custom capabilities. For example, IHVs and independent software vendors (ISVs) can use WLAN Extensibility to provide customized configuration dialog boxes and wizards to display custom ISV or IHV wireless features and capabilities that are not provided by default in Windows.

Event Details

Product: Windows Operating System
ID: 10000
Source: Microsoft-Windows-WLAN-AutoConfig
Version: 6.0
Symbolic Name: ExtHostStartFailureEvtDesc
Message: WLAN Extensibility Module has failed to start.Module Path: %1Error Code: %2

Resolve
WLAN Extensibility Module failed to start

There are three actions that you can take to resolve this error:

  1. Disable the Wireless Network Connection, and then enable the Wireless Network Connection.
  2. Restart the WLAN AutoConfig service (Wlansvc).
  3. Contact the independent hardware vendor (IHV) provider for your hardware.

To perform these procedures, you must be logged on by using a local computer Administrator account, or you must have been delegated the appropriate authority. If you are not logged on by using an account that belongs to the Administrators group, you must be able to supply administrator credentials, in order to run the command prompt as administrator.

Disable the Wireless Network Connection, and then enable the Wireless Network Connection

To disable the Wireless Network Connection, and then enable the Wireless Network Connection:

  1. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center, and in Tasks, click Manage network connections.
  2. Right-click the Wireless Network Connection that you want to manage, and in the drop-down menu, click Disable.
  3. After the Wireless Network Connection is disabled, right-click the connection, and then click Enable.

If the error persists, follow the steps in the next procedure to restart the WLAN AutoConfig service.

Restart the WLAN AutoConfig service (Wlansvc)

To restart the WLAN AutoConfig service (Wlansvc):

  1. Click Start, right-click Computer, and then click Manage.
  2. In Computer Management (Local), click Services and Applications, and then click Services.
  3. In the details pane, under Name, navigate to WLAN AutoConfig.
  4. Right-click WLAN AutoConfig, click Properties, and on the General tab, in Startup type, select Automatic, and then click Start.
  5. Click OK.

Contact the IHV provider for your hardware

  • Contact your computer manufacturer, or the manufacturer of your wireless network adapter for the most recent adapter drivers.

Verify

There are two methods to verify wireless extensibility settings are applied:

  • Verify wireless independent hardware vendor (IHV) extensibility settings are applied by using the netsh wlan command
  • Verify wireless IHV extensibility settings by using the profile properties

Verify wireless IHV extensibility settings are applied by using the netsh wlan command:

  1. Click Start, and in Start Search, type cmd, and then press ENTER.
  2. At the command prompt, type netsh wlan show interfaceInterfaceName (where InterfaceName is the name of the wireless connection listed in Network Connections), and then press ENTER.
  3. If IHV extensibility settings are applied, then the command will render a message indicating IHV extensibility settings applied on the connection.

Verify wireless IHV extensibility settings by using the profile properties

  1. Click Start, click Control Panel, and then click Network and Sharing Center.
  2. In Tasks, click Manage wireless networks.
  3. Double-click the wireless profile, to open the wireless connection profile properties dialog box.
  4. If IHV service is installed, an IHV check box is displayed on the Connection tab.

Related Management Information

Wireless Local Area Network (WLAN) Extensibility

Networking

Related:

Cisco 5760 Wireless LAN Controller: High Performance; More Features

Features and Capabilities


The first model in the new 5700 Series, the Cisco 5760 Wireless LAN Controller, is designed for mid-to-large campus deployments and offers:

  • Support high availability and application visibility for wireless clients
  • Wire-speed 60 Gbps throughput with advanced network services per controller
  • Support for up to 1000 access points and 12,000 clients per controller
  • High resiliency with N+1 clustering, Multiple LAG, and redundant power supplies
  • Cisco IOS-based wireless controller with features such as Flexible NetFlow, Advanced QoS, downloadable access control lists, and more

Product Support Services


Cisco’s Services can help you increase operational efficiency, lower support costs, and improve availability risk management.

Additional Resources


Related: