Yesterday Sophos released 9.404-5 for their UTM firewall, it is a big fix this time. I mainly appreciate they fixed the errors in Internet Explorer ,about the security of the VPN client, when downloading fro the User Portal 
Download here: ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.403004-404005.tgz.gpg
Relase notes:
Up2Date 9.404005 package description:
Remarks:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected Wifi APs will perform firmware upgrade
News:
Maintenance Release
Bugfixes:
Fix [NUTM-1775]: [Access & Identity] 35668: DHCP Broadcast over all RED LAN ports causing wrong IP address assignment
Fix [NUTM-1784]: [Access & Identity] implement “TLS 1.2 only” switch for RED to UTM communication
Fix [NUTM-2404]: [Access & Identity] 36172: RED15 has loaded fallback network config
Fix [NUTM-2841]: [Access & Identity] 36224: WARNING: CPU: 1 PID: 0 at net/netfilter/nf_conntrack_expect.c:51 nf_ct_unlink_expect_report+0x5e/0xd1 [nf_conntrack]()
Fix [NUTM-3415]: [Access & Identity] PPTP VPN with an IP Pool 172.16.0.0/20 doesn’t work correctly
Fix [NUTM-3439]: [Access & Identity] After upgrade to 9.4 and using SSL VPN the IPv4 traffic is not going over the full tunnel
Fix [NUTM-3536]: [Access & Identity] RED15 traffic not possible, red_server reports “Unable to get proc entry”
Fix [NUTM-3719]: [Access & Identity] mdw errors when configuring a RED device
Fix [NUTM-3735]: [Access & Identity] SSL VPN IP pool should not be usable without IPv4
Fix [NUTM-3757]: [Access & Identity] SSL VPN: don’t push IPv6 interface address if no IPv6 route is pushed
Fix [NUTM-3763]: [Access & Identity] SSL VPN client cannot be downloaded from userportal with IE
Fix [NUTM-3843]: [Access & Identity] SSL VPN route injection into OSPF not working properly after update to 9.4
Fix [NUTM-3867]: [Access & Identity] SMC: WEP passwords are not pushed correctly
Fix [NUTM-3924]: [Access & Identity] PPTP and iOS with config from userportal doesn’t work properly
Fix [NUTM-3934]: [Access & Identity] RED: CON_CLOSE provide information to UTM if peer is not stable enough
Fix [NUTM-3962]: [Access & Identity] IPsec doesn’t work with SHA2
Fix [NUTM-4173]: [Access & Identity] Since Update to 9.4 IPsec site-to-site connections won’t work after pppoe reconnect
Fix [NUTM-3982]: [Basesystem] Errors in Notifications Database
Fix [NUTM-2677]: [HA/Cluster] 36293: The Slave node in HA doesn’t show any resource usage
Fix [NUTM-2235]: [Network] 35662: Additional adresses of a PPPoE interface are not reachable after takeover
Fix [NUTM-3684]: [Network] APN can’t be changed if LTE is selected as network
Fix [NUTM-3061]: [Reporting] Remote Access filtering is not working correctly if the username contains a “\” sign
Fix [NUTM-3662]: [Reporting] wrong descriptions for CRIT-065 and INFO-007 in MIB file
Fix [NUTM-3753]: [Reporting] Remote Access Accounting not recording L2TP sessions
Fix [NUTM-4306]: [Reporting] postgres[xxxxx]: [x-x] STATEMENT: select src_ip, virt_ip, virt_ip6, logintime, service from vpn where status = 0 and logintime = logouttime LIMIT 1000
Fix [NUTM-3689]: [SUM] device agent claims SUM objects
Fix [NUTM-3028]: [Virtualization] HyperV interface handling (9.4)
Fix [NUTM-3482]: [WAF] form template unchanged with update from 9.355 to 9.4
Fix [NUTM-3694]: [WAF] Customized mod_security rule didn’t work correctly
Fix [NUTM-3748]: [WAF] Content length and content get lost when using form-harding
Fix [NUTM-4119]: [WAF] SSL is not used to transfer sticky session cookies
Fix [NUTM-3172]: [WebAdmin] Support tools – PPPoE shows itfhw instead of vlantag
Fix [NUTM-3113]: [Web] Proxy freeze after Savi update
Fix [NUTM-3118]: [Web] “Remove embedded objects” / “Disable JavaScript” shows script code
Fix [NUTM-3367]: [Web] “Unblock URL” button is displayed even when “Users/Groups Allowed to Bypass Blocking” is empty
Fix [NUTM-3485]: [Web] HTTP Proxy profile matching doesn’t work for DNS groups which contain IPv6 addresses
Fix [NUTM-3550]: [Web] frox segfaults/core dumps while uploading files
Fix [NUTM-3554]: [Web] Error returned from samba command on AD sync
Fix [NUTM-3617]: [Web] Sandstorm Database Error
Fix [NUTM-3710]: [Web] New exception regex for Chrome Update
Fix [NUTM-3844]: [Web] If using a ‘ character in file name, postgres is not able to insert this to the TransactionLog (Sandbox)
Fix [NUTM-3920]: [Web] Sandbox: cleaning up old data in TransactionLog on slave nodes raises postgres errors
Fix [NUTM-4055]: [Web] HTTP Proxy causing weird log entries in uma.log
Fix [NUTM-3039]: [WiFi] RADIUS authentication failover via Availability Group not working correctly
Fix [NUTM-3072]: [WiFi] Hotspot: race condition if multiple logins per MAC
Fix [NUTM-3472]: [WiFi] wireless.log – download_ca: CA fingerprint overwritten by TA / No trusted fingerprint found in certificate chain HUB.
Fix [NUTM-3760]: [WiFi] WIFI profile pushed to SMC using same name
Fix [NUTM-4117]: [WiFi] Mesh AP’s all go down and do not come back up
Fix [NUTM-4151]: [WiFi] AP30 (possibly other models) not becoming active anymore after update to >= 9.400
Fix [NUTM-4126]: [[Backend/Devel] Confd] Clean up of duplicate Domain-Regex
Fix [NUTM-4142]: [[Backend/Devel] Confd] Remote Access Manager can’t deactivate a VPN profile with groups
Fix [NUTM-4158]: [[Backend/Devel] Confd] confd[xxx]: parse_formats: unrecognized tag format: FUNC__XXX
Fix [NUTM-4160]: [[Backend/Devel] Confd] Accessing WebAdmin as non-superuser repeatedly raises “NODE_READ_DENIED” error on confd node “migration->tab_visibility”
RPM packages contained:
libopenssl1_0_0-1.0.1k-366.g9942078.rb4.i686.rpm
libopenssl1_0_0_httpproxy-1.0.1k-366.g9942078.rb4.i686.rpm
libudev0-147-0.84.1.1609.gf739ec4.rb5.i686.rpm
acpid-2.0.22-2.1.gb620f87.rb4.i686.rpm
client-iphone-9.40-1.gd817f8e.rb4.noarch.rpm
client-openvpn-9.40-11.g434309f.rb2.noarch.rpm
cm-nextgen-agent-9.40-10.g5b4e560.rb3.i686.rpm
firmware-wifi-9400-0.230200226.g80f1105.rb3.i586.rpm
firmware-wifi-stable-9400-0.230200183.g67e2cec.rb2.i586.rpm
modformhardening-9.40-72.g083b545.rb5.i686.rpm
openssl-1.0.1k-366.g9942078.rb4.i686.rpm
perf-tools-3.12.48-0.228287133.g63c0044.rb7.i686.rpm
red-firmware2-5023a-0.231240889.g1f75a52.noarch.rpm
red15-firmware-5023a-0.231241248.ge384bc1.noarch.rpm
udev-147-0.84.1.1609.gf739ec4.rb5.i686.rpm
ep-reporting-9.40-28.g366bbbd.rb1.i686.rpm
ep-reporting-c-9.40-28.g40cca85.rb5.i686.rpm
ep-reporting-resources-9.40-28.g366bbbd.rb1.i686.rpm
ep-branding-ASG-afg-9.40-28.g0623e18.noarch.rpm
ep-branding-ASG-ang-9.40-28.g0623e18.noarch.rpm
ep-branding-ASG-asg-9.40-28.g0623e18.noarch.rpm
ep-branding-ASG-atg-9.40-28.g0623e18.noarch.rpm
ep-branding-ASG-aug-9.40-28.g0623e18.noarch.rpm
ep-confd-9.40-646.g686b4e6.i686.rpm
ep-confd-tools-9.40-639.gf681062.rb10.i686.rpm
ep-ha-aws-9.40-179.g177e5d2.rb3.noarch.rpm
ep-ha-daemon-9.40-4.g731a58a.rb2.i686.rpm
ep-mdw-9.40-406.g9846a6e.rb9.i686.rpm
ep-red-9.40-10.ge667aab.rb4.i686.rpm
ep-sandboxd-9.40-0.229561253.ge2fa259.rb2.i686.rpm
ep-webadmin-9.40-586.g61ca7c4.rb1.i686.rpm
ep-cloud-ec2-9.40-5.g02ceb2b.rb4.i686.rpm
chroot-ftp-9.40-5.g675f742.rb3.i686.rpm
chroot-ipsec-9.40-7.ge6e957a.rb3.i686.rpm
chroot-openvpn-9.40-25.g2316a39.rb4.i686.rpm
chroot-pptp-9.40-1.g7ab5a93.rb3.i686.rpm
ep-httpproxy-9.40-317.g78dfd3a.i686.rpm
kernel-smp-3.12.48-0.228287133.g63c0044.rb7.i686.rpm
kernel-smp64-3.12.48-0.228287133.g63c0044.rb7.x86_64.rpm
ep-release-9.404-5.noarch.rpm