What’s new in UTM 9.7?
- Support for new APX Access Points
In addition to the legacy AP series access points, UTM 9.7 brings support for the newer Wave 2 APX series access points which can now also be added and managed with UTM 9. This includes support for APX 120, APX 320, APX 530 and APX 740.
- Certificate Chain support for WebAdmin and UserPortal
Full certificate chains that are uploaded to UTM for use with WebAdmin and/or UserPortal will no longer be split but will be delivered in full when accessing WebAdmin and/or UserPortal and web browsers will no longer display warnings for these certificates.
- Certificate Chain Support for WebProxy
When using an intermediate certificate to sign HTTPS decryption certificates in WebProxy, WebProxy will now build and return a full certificate chain for the generated certificate to avoid browsers showing a warning when not explicitly trusting the intermediate certificate. The root certificate has to be available within the verification CAs.
- New RED Site 2 Site Protocol
RED Site 2 Site connections in UTM will now use the same protocol used within XG Firewall for RED Site 2 Site connections. This removes the need to specify legacy RED site 2 site connections in XG Firewall and provides enhancements to the RED site 2 site implementation in UTM.
Drawing on your feedback and requests, Sophos developed Sophos UTM 9.5. This latest update of our award-winning unified threat management (UTM) platform makes managing your IT security easier, faster and more flexible.
And, it includes new features for Web Application Firewall and our next-gen sandboxing technology, Sophos Sandstorm.
So, what does this update include?
Sophos Sandstorm Enhancements
- Datacenter location selection option for Sophos Sandstorm without relying on DNS based location detection
- Sandstorm activity reporting expanded to include email attachments for improved visibility
- Scan exceptions for Sophos Sandstorm to exclude specific filetypes from being sent to Sophos Sandstorm analysis

Web Application Firewall Enhancements
- WAF URL Redirection allows you to redirect traffic for a WAF protected URL to a different backend system or URL
- WAF protection and authentication policy templates were added for common Microsoft services for protection and authentication
- Configure minimum allowed TLS version to improve security
- WAF Proxy Protocol Support to use the client IP info inside the ProxyProtocol header to make policy decisions and improve logging
- True File Type Scanning enables you to block uploads and downloads based on MIME type

Management and Reporting Enhancements
- Download all UTM logs in a single archive
- Support Access with SSH is extending the existing Support Access feature
- 64-bit PostgreSQL Database to generate reports with big datasets faster. The existing database will be migrated without impacting any data.
- SNMP Monitoring of full filesystem to integrate UTM filesystem monitoring in regular SNMP based monitoring solutions
- Certificate Expiration Notification 30 days before expiration date via WebAdmin and e-Mail, giving you plenty of notice for certificate renewal
- RESTful API to configure Sophos UTM 9
