Funkwerk UTM Release Notes (english)




General Hints

Please create a backup of your UTM system's configuration (Maintenance > Configuration > Manual Backup) before you start to install the software update. Also make a note of which software version is currently running on the UTM system.

In case of complications during the software update (e.g. power failure, accidental power down) the UTM system may become unusable. In this case perform a Factory Reset, install the software version which was running before the upgrade and restore (Maintenance > Configuration > Restore) the saved configuration. After this, try to install the software update again.

The file format of the configuration backup is not compatible between different software versions. Please create a new configuration backup immediately after you have upgraded your UTM system.

Release 1.70.0

Release date: 29.10.2007

This version of the system software supports the following platforms: UTM 1100, UTM 1500, UTM 2100, UTM 2500

Hints Regarding The Release

In order to install this update on UTM 1500, 2100 or 2500, the system must be running at least software version 1.60.0.

New Features And Changes

HTTP Content Filter

Access to web pages using the HTTP Proxy can now be granted or denied based on categories (e.g. Pornography, Shopping...). For this, allowed or forbidden categories can be combined into Content Profiles (Entities > Content Profiles). These profiles can then in turn be associated with HTTP policies under Firewall > Policies > HTTP. A combination with other policy settings (e.g. user authentication) is also possible. The Content Filter feature is an extension that needs to be licensed separately.

High Availability

The High Availability feature (Local Services > High Availability) can be used to improve system availability in conjunction with deployment of a hot standby system. In case of failure of the primary (master) system, the hot standby system will take over its functions. The system configuration needs to be maintained on the master system only and is transferred to the standby system automatically. Transfer of the configuration as well as exchange of the heartbeat signal is performed via one of the Ethernet ports. There is no transfer of established sessions (firewall, VPN...). Extensions (users, Kaspersky Antivirus, Commtouch Antispam...) have to be licensed only once for each master/standby installation.

Quality of Service (QoS)

The QoS feature allows controlling the bandwidth of outgoing traffic on a virtual interface. For this, available bandwidth is divided into classes which are then assigned IP packets using a variety of criteria. A minimum and maximum bandwidth can be defined for each class. If a class does not use up the minimum bandwidth in its entirety, the remaining bandwidth is distributed among the other classes, allowing them to benefit until their maximum bandwidth is matched.
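The minimum/maximum borrowing described for QoS classes, worked through as an added example; it is not Funkwerk's code. The release notes do not say how unused bandwidth is split between the other classes, so equal shares are assumed here, and the class names and rates are constructed.

```python
from dataclasses import dataclass


@dataclass
class QosClass:
    name: str
    min_kbit: int     # guaranteed bandwidth for the class
    max_kbit: int     # ceiling the class may never exceed
    demand_kbit: int  # traffic the class currently wants to send


def allocate(link_kbit, classes):
    """Return {class name: kbit/s} for one outgoing interface."""
    if any(c.min_kbit > c.max_kbit for c in classes):
        raise ValueError("a class minimum is larger than its maximum")
    if sum(c.min_kbit for c in classes) > link_kbit:
        raise ValueError("guaranteed minimums exceed the interface bandwidth")

    # Step 1: every class gets its demand, up to its guaranteed minimum.
    alloc = {c.name: min(c.demand_kbit, c.min_kbit) for c in classes}
    spare = link_kbit - sum(alloc.values())

    # Step 2: whatever the guarantees left unused is handed to classes that
    # still want more, in equal shares (assumption), never beyond their maximum.
    want = {c.name: min(c.demand_kbit, c.max_kbit) - alloc[c.name] for c in classes}
    while spare > 0:
        hungry = [n for n, w in want.items() if w > 0]
        if not hungry:
            break  # nobody can use the rest; it stays idle
        share = max(spare // len(hungry), 1)
        for n in hungry:
            give = min(share, want[n], spare)
            alloc[n] += give
            want[n] -= give
            spare -= give
    return alloc


# Constructed sample: a 10 Mbit/s uplink with three classes.
SAMPLE = [
    QosClass("voip", 2000, 3000, 500),     # uses only part of its guarantee
    QosClass("web", 3000, 8000, 9000),     # wants more than its maximum
    QosClass("bulk", 1000, 10000, 10000),  # takes whatever is left
]

if __name__ == "__main__":
    for name, kbit in allocate(10000, SAMPLE).items():
        print(f"{name:5s} {kbit:6d} kbit/s")
```

In the sample, the 1500 kbit/s that the voip class leaves unused flows to web and bulk, and lowering the web maximum shifts the difference to bulk.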

OSPF Routing Protocol

Funkwerk UTM is now able to dynamically exchange routing information with other systems using the OSPFv2 routing protocol. For every interface of the type Base it is possible to separately select participation in the OSPF routing process.

Firewall Support for SIP, PPTP and TFTP

The firewall was extended with so-called connection trackers for SIP, PPTP and TFTP. These connection trackers enable the stateful firewall to handle protocols that dynamically negotiate additional connections between client and server (e.g. RTP with SIP).

Timeout and manual flushing of IP/license bindings

Every client system within an internal network sending IP packets passing through the Funkwerk UTM uses one of the available licenses. For this, the IP address of the system is assigned to a license. In previous releases this binding was maintained until the Funkwerk UTM was restarted. A timeout feature has now been added to this mechanism. If the client system stops sending IP packets across the Funkwerk UTM, the binding is released after 5 hours and the license becomes available again for use by other client systems. In addition, the menu item Monitoring > License Usage now offers a way to manually flush individual IP/license bindings.

Deleting the entire mail queue (UTM 1500, 2100, 2500 only)

Using the menu item Maintenance > Diagnostic > Mailqueue it is now possible to delete the entire content of the SMTP proxy's mail queue. This function will delete all mail queue entries after prompting for confirmation.

Secondary IP Addresses

Secondary IP addresses can now be bound to interfaces with a static primary IP address (Networking > Interfaces > IP / Virtual). In addition it is configurable whether UTM services (e.g. proxies, web interface...) should only be bound to the primary IP address of an interface or to the secondary addresses as well. All VPN variations are exempt from this. VPN servers can only be bound to the primary address in all cases.

Bug Fixes

Display of the IPSec Phase 1 ID (Bug ID 8949)

Under Monitoring > VPN Connections > IPSec the Phase 1 ID of an IPSec connection was displayed incorrectly.

Certificate Calculator (Bug ID 8778)

Under Certificates > Calculator, place holders for the User Distinguished Name were determined incorrectly.

Release 1.60.0

Release date: 13.08.2007

This version of the system software supports the following platforms: UTM 1100, UTM 1500, UTM 2100, UTM 2500

Hints Regarding The Release

During the installation of the update on UTM 1500, 2100 and 2500 systems the configuration data will be converted. This operation will take a few minutes.

New Features And Changes

Setup Wizard

The selection Previous Configuration / Factory Defaults was removed from the Setup Wizard. Now the Setup Wizard always uses the factory default configuration.

Administration via any Interface

It is now possible to access the web GUI via any interface (including PPPoE, PPTP and L2TP). This allows administration of the UTM system from IP addresses outside of the local network. This feature was already available in the UTM 1100.

DHCP Client

The UTM system can now act as a DHCP client on each Ethernet interface. This feature was already available in the UTM 1100.

IPSec peers with dynamic IP address

It is now possible to make outgoing IPSec connections to peers with a dynamic IP address. The peer has to use dynamic DNS (e.g. Dyndns) to provide its IP address. The UTM system will reconnect the IPSec tunnel if it detects a change of the DNS resolution.

IPSec Dead Peer Detection

Dead Peer Detection based on RFC 3706 is now supported by the UTM system. This feature can be configured separately for each connection definition.

Configurable IPSec IDs

The local and the peer's IPSec ID can now be configured. The following types of IDs are available: IP address, FQDN, email address.

Bug Fixes

CA root certificates for IPSec

Now all imported and locally generated CA root certificates will be used to validate the peer's certificate.

Sender spam notification

Even though sender spam notification was configured in Local Services > Anti Spam, no notification was sent to the sender of the spam email.

Forbidden Extensions

The setting Forbidden Attachments in Local Services > Proxy Server > SMTP was not used when virus and spam check was disabled.

HTTP proxy user authentication (Bug ID 8484)

Authentication against the HTTP proxy was not possible for users with upper case characters in their user names.

Commtouch spam detection (UTM 1100 only)

The Commtouch spam detection was not working when the UTM system's hostname was configured as a FQDN.

Processing of UTF 8 encoded emails (UTM 1500, 2100, 2500 only)

The UTM system was not able to handle emails with UTF 8 encoded parts correctly. The email was bounced to the sender.

GUI TCPDump (UTM 1100 only)

In Maintenance > Diagnostic > TCPDump the download button was not working.

GUI stack trace in SMTP Proxy configuration

When no Network Items of type Host were configured on the UTM system a stack trace was displayed when pressing the OK button in Local Services > Proxy Server > SMTP.

Import of CA root certificates (Bug ID 8556)

It was not possible to import root certificates with the content "critical" in the section 509v3 Basic Constraint.

GUI stack trace during the import of CA root certificates (Bug ID 8828)

During the import of root certificates without a private key (e.g. PEM format) a GUI stack trace was displayed.

Display of RSA key size (Bug ID 8461)

Instead of displaying the correct key size in Entities > RSA Keys, 512 bit was always displayed.

L2TP via NAT traversal

It was not possible to make L2TP connections from clients behind a NAT firewall to the UTM system.

Deletion of last admin user (Bug ID 8462)

It was possible to delete the last user in System Management > Administration > User. After this it was no longer possible to log in to the UTM system.

Creation of certificates (Bug ID 8767)

If the CA's passphrase was entered incorrectly during the creation of a certificate or a CRL, no error message was displayed and an incomplete configuration was stored.

Filtering of the internal Log

If the value All was selected for the option Subsystem in the dialogue Monitoring > Internal Log, no log messages were displayed.

GUI stack trace when displaying Active Connections

In some circumstances a GUI stack trace was displayed in Monitoring > Active Connections.

ClamAV error message (Bug ID: 8214)

ClamAV generated the error message 'unknown error when looking for updates. Error code 55'. Now ClamAV error messages are no longer interpreted by the UTM, allowing for easier diagnostics.

Error message during HTTP requests (Bug ID: 8678, UTM 1100 only)

During the update of virus patterns the following error message was displayed in the web browser:

Virus scan failed: Scan daemon failed (1013 Error\srunning\sclamdscan WARNING:\sCan't\sconnect\sto\sclamd.\n)

GUI stack trace during configuration of IPSec Policies (Bug ID: 8827)

In VPN > IPSec > Policies a stack trace was displayed when Aggressive Mode was selected. The aggressive mode was removed completely from the UTM product.

Release 1.00.4

Release date: 7.05.2007

This version of the system software supports the following platforms: UTM 1100, UTM 1500, UTM 2100

New Features And Changes

POP3 Proxy tagging of spam messages

Now the subject of spam messages is tagged by the POP3 Proxy with the tag ***SPAM***.

Bug Fixes

Login to the web GUI

For gateway users (Entities > Authentication > User) it was possible to log in to the UTM web GUI like admin users.

Error in IPS configuration (portscan)

When the Network Item Any (or another Network Item of type network and the content 0.0.0.0/0) was used in the portscan configuration, it was not possible to start the IPS subsystem.

Error in IPS configuration (REJECT action)

When the REJECT action was used for any rule or rule group, it was not possible to start the IPS subsystem.

Timeout problem during FTP downloads via HTTP Proxy

During the FTP download of large files via the HTTP Proxy timeouts occurred depending on the file size and the available bandwidth.

DNS server

When only one DNS server was configured in Management > Global Settings > Settings a reboot was required to activate the configuration. With the configuration of two servers the changes took effect immediately.

NAT

An incorrect user entry could prevent the firewall subsystem from starting up.

IPSec

Algorithms which are not supported by the underlying IPSec implementation were removed from the web GUI (VPN > IPSec > Policies).

Timestamp offset in log entries

There was an offset in the timestamp of log entries of various subsystems. The offset between UTC and local time was not handled correctly.

Release 1.00.3

Release date: 20.02.2007

This version of the system software supports the following platforms: UTM 1100, UTM 1500, UTM 2100

New Features And Changes

ClamAV scan engine

Update of the ClamAV scan engine

Bug Fixes

na

Release 1.00.2

Release date: 31.01.2007

This version of the system software supports the following platforms: UTM 1100, UTM 1500, UTM 2100

New Features And Changes

na

Bug Fixes

Not possible to activate interfaces

After running the Setup Wizard it was not possible to activate additional interfaces.

Release 1.00.1

Release date: 19.01.2007

This version of the system software supports the following platforms: UTM 1100, UTM 1500, UTM 2100

New Features And Changes

IPS

Improved portscan detection.

Bug Fixes

na