It is recommended that all UTM users update their systems regularly. While there is usually no issue during an update, sometimes an update can have errors. This is an article to assist when having update problems.
Known to apply to the following Sophos product(s) and version(s)
Astaro Security Gateway/Sophos UTM
V7, V8, V9
What To Do
One of the common issues that will occur is with system up2dates not functioning as intended through the WebAdmin. Although sometimes users may forget that they do need to apply System up2dates manually, as opposed to pattern up2dates which are automatic. Up2date management is configured under 'Management' | 'Up2date'.
In the event that normal up2date from the WebAdmin does not work there are several tests that can be run as well as force of up2dates to run from SSH.
Simulation of RPM installs
Simulation of an up2date install is useful for determining why a particular up2date may be failing. The output will appear in the standard /var/log/up2date.log file or for an individual test by sending to a file will make examination easier.
auisys.plx --simulation >> up2datetest.log
Up2date to a specific version
This is useful for up2dating to a specific version rather than all the way to the latest in particular with up2dates making large changes as noted by our feature releases of 8.100, 8.200, 8.300. Prior to up2dating completely it is usually useful and causes less problems to first up2date to the latest in the series prior to a feature release.
auisys.plx --upto 8.203
Force and skip RPM arguments
For up2date issues the combination of the --rpmargs and --force will have the greatest effect on loading all current up2dates. In addition these can be combined with the --upto version in order to create a powerful up2date order. This command is standard to run to effectively force all up2dates present to load on a system despite previous up2date failures which may be triggered by customized RPM packages having been loaded on the system previously.
auisys.plx --rpmargs --force
Or combined with 'upto' version:
auisys.plx --rpmargs --force --upto 8.203
Downloading new up2dates
Sometimes a new download or removal of an up2date will be required to resolve an issue if an up2date has been corrected on the up2date servers or is otherwise corrupted on a customer system. Remove any affected system up2dates from the AxG and run a new download:
If the download cannot communicate or authenticate to a server the download can be pulled directly from the Sophos ftp servers into the /var/up2date/sys directory with a wget command such as: