Funkwerk UTM Release Notes (english)


General Hints

Please create a backup of your UTM system's configuration (Maintenance > Configuration > Manual Backup) before you start with the installation of the software update. Also make a note of which software version is currently running on your UTM system.

If an error occurs during the update (e.g. power failure, accidental power down), the UTM system may become unusable. Should this happen, perform a Factory Reset, install the software version which was running before the update and restore (Maintenance > Configuration > Restore) the saved configuration. Then try the update again.

Release 1.95.0

Release Date: March 1, 2009

This version of the system software supports the following appliances:

UTM1100
UTM1500
UTM2100
UTM2500

Hints Regarding The Release

The software version 1.60.0 or higher must be installed on the UTM1500, UTM2100 and UTM2500 appliances before installing the update.

Log out of the user interface or completely close your web browser after the installation. The browser cache must be cleared, too.

New Features And Changes

New version of the packetalarm UTM SSL VPN client

Version 1.12 of the client is now available for download in the administration WebGUI and in the user portal. Clients already set up on the system may also be updated through the built-in update functionality. Further information on the changes can be found in the release notes under http://www.funkwerkec.de/portal/downloadcenter/dateien/funkwerk_utm/packetalarm_ssl_vpn_client_release_note_1_12_de.pdf.

HTTP Proxy Transparent Mode

It is now possible to run the HTTP proxy in transparent mode. When the proxy is running in transparent mode, it is not necessary to configure packetalarm UTM as a proxy in the client's setup. TCP connections which are routed through the UTM and which match the configured TCP ports are automatically redirected to the HTTP proxy. Proxy user authentication is not available in transparent mode. It is possible to run the proxy either in standard mode (current functionality) or in transparent mode.

HTTP Proxy Progress Bar For HTTP Downloads

A size limit can be set for HTTP downloads; for any download exceeding this limit, a progress bar appears in the browser. The progress bar gives the user feedback about the state of the download. It also prevents browser timeouts during long delays (e.g. a slow connection to the server or virus scanning).

HTTP Proxy Extensions For Error Messages

It is now possible to configure a custom text which is displayed in the web browser in addition to the error messages of the HTTP proxy (e.g. Access Denied).

FTP Proxy Transparent Mode

It is now possible to run the FTP proxy in transparent mode. When the proxy is running in transparent mode, it is not necessary to configure packetalarm UTM as a proxy in the client's setup. TCP connections which are routed through the UTM and which match the configured TCP ports are redirected automatically to the FTP proxy. Proxy user authentication is not available in transparent mode. It is possible to run the proxy either in standard mode (current functionality) or in transparent mode.

NAT 1 to 1 Translation Of Networks

Source NAT and destination NAT now allow a one-to-one translation of whole networks, taking account of the netmask. While the network part of the address is translated, the host part remains the same (e.g. 92.168.100.x/24 > 10.10.0.x/24).

NAT Ordering Of Policies

It is possible for the administrator to order the NAT policies. The policy which is displayed topmost in the list of NAT policies is processed first (cf. Firewall Policies).

Resolved Issues

LDAP Synchronisation

The LDAP synchronisation failed and led to long periods of high CPU load when many (several thousand) email addresses were involved. This is now fixed.

Release 1.90.1

Release Date: Nov 25, 2008

This version of the system software supports the following appliances:

UTM1100
UTM1500
UTM2100
UTM2500

Hints Regarding The Release

The software version 1.60.0 or higher must be installed on the UTM1500, UTM2100 and UTM2500 appliances prior to installing the update.

Log out of the user interface or completely close your web browser after the installation. The browser cache must be cleared, too.

New Features And Changes

New version of the packetalarm UTM SSL VPN client

Version 1.10 of the client is now available for download in the administration WebGUI and in the user portal. Clients already set up on the system may also be updated through the built-in update functionality. Further information on the changes can be found in the release notes under http://www.funkwerkec.de/portal/downloadcenter/dateien/funkwerk_utm/packetalarm_ssl_vpn_client_release_note_1_10_de.pdf.

Performance Increase for HTTP Content Checking

The performance of the HTTP content checks has been improved through optimizations in caching and database querying.

Resolved Issues

New version of ClamAV

Security update of the ClamAV virus scanner. See http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html for details.

Email Whitelists and Blacklists (Bug ID 10987)

A bug in the processing of the email lists prevented the whitelists and blacklists of the POP3 and SMTP proxies from being processed correctly. The problem first appeared in version 1.90.0. The following components were affected:

UTM1100: SMTP and POP3 proxies
UTM1500/2100/2500: POP3 proxy

Input checking (Local Services > Anti-Spam) (Bug ID 10974)

A bug in the input checking made the field Realtime Blackhole Lists / Database Hosts mandatory, so the form could not be saved unless a host was entered. The problem first appeared in version 1.90.0.

SMTP Proxy Case Sensitivity of Email Addresses (UTM1500/2100/2500, Bug ID 10957)

On receipt of an email, the SMTP proxy compared the target address with the email addresses assigned to the users case-sensitively. As a result, the users' individual configuration (spam level, whitelists and blacklists) was applied only on an exact case match. The same was true of the user's quarantine mail setup.

POP3 Proxy Corrupted Emails (UTM1500/2100/2500, Bug ID 10950)

The content of emails was corrupted. This happened sporadically with large attachments and depended on the behaviour of the TCP/IP connection between the POP3 server and the UTM appliance.

POP3 Proxy Corrupted Emails (UTM1100)

When the POP3 proxy was set up to forward emails exceeding a specific size without checking, these mails were corrupted.

POP3 Proxy Permanent High CPU Load (UTM1500/2100/2500, Bug ID 10943)

When the connection between the POP3 server and the UTM appliance went down, the system could enter an endless loop. This led to steadily high CPU usage.

POP3 Proxy Mail Deletion (UTM1500/2100/2500)

On some POP3 servers, mails could not be deleted.

Diagnostic Output Error on SSL VPN Deactivation (Bug ID 10946)

With SSL VPN deactivated, selecting all logs for display under Maintenance > Diagnostic > System caused an error.

Password White Spaces

Users with spaces in their passwords were not able to log on after local authentication or AAA server authentication. All components requiring a log-on, except the HTTP proxy and PPTP/L2TP with MS-CHAP, were affected.

Backtrace on Input of a User Name

When a user name containing spaces was entered in Entities > Authentication > Users, a backtrace appeared instead of a proper error message.

User Deletion (UTM1500/2100/2500)

Users with whitelists and blacklists set up in the user portal could not be deleted under Entities > Authentication > Users. An error appeared when a deletion was attempted.

Wrong Input Checking (UTM1500/2100/2500)

All input fields requiring an FQDN (wrongly) also accepted an IP address. If an IP address was accidentally entered, this could result in an invalid configuration which made a config reset necessary.

Start-up Error of HTTP Proxy

The HTTP proxy cannot be started when an HTTP policy references an empty URL list. Therefore it is no longer possible to save empty URL lists.

Download of the SSL VPN Client

It was not possible to download the client from the administration WebGUI with SSL VPN deactivated.
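The 'Wrong Input Checking' and 'Backtrace on Input of a User Name' items above describe what a field validator has to get right: a field that requires an FQDN must refuse IP literals, and malformed input must produce a readable error rather than a backtrace. The Python validator below is an added example written for these notes, not code from the UTM; the function names, the RFC 1035 label rules it enforces and the rejection of an all-numeric top-level label are my assumptions.

```python
import ipaddress
import re
from typing import Tuple

# One DNS label: 1-63 characters, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_ip_literal(value: str) -> bool:
    """True if the value parses as an IPv4 or IPv6 address (brackets allowed for IPv6)."""
    try:
        ipaddress.ip_address(value.strip("[]"))
        return True
    except ValueError:
        return False


def validate_fqdn(value: str) -> str:
    """Return the normalised FQDN, or raise ValueError with a message fit for a GUI.

    The checks mirror the two defects in the release notes: an IP address is
    rejected explicitly instead of being accepted as a host name, and every
    malformed input yields a readable error instead of an exception backtrace.
    """
    name = value.strip().rstrip(".")          # accept a trailing dot, store without it
    if not name:
        raise ValueError("an FQDN is required")
    if is_ip_literal(name):
        raise ValueError(f"'{value}' is an IP address; this field requires a host name")
    if len(name) > 253:
        raise ValueError("FQDN exceeds 253 characters")
    labels = name.split(".")
    if len(labels) < 2:
        raise ValueError(f"'{value}' is not fully qualified (no domain part)")
    for label in labels:
        if not _LABEL.match(label):
            raise ValueError(f"invalid label '{label}' in '{value}'")
    if labels[-1].isdigit():
        raise ValueError(f"'{value}' looks like an address, not a host name")
    return name.lower()


def check_fqdn_field(value: str) -> Tuple[bool, str]:
    """GUI-style wrapper: never leaks an exception, returns (accepted, value or message)."""
    try:
        return True, validate_fqdn(value)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed inputs covering the accepted and rejected cases.
    for sample in ["pool.ntp.org", "Mail.Example.COM.", "192.0.2.10", "[2001:db8::1]",
                   "localhost", "-bad.example.com", "1.2.3.4.5"]:
        ok, detail = check_fqdn_field(sample)
        print(f"{sample!r:20} -> {'accepted' if ok else 'rejected'}: {detail}")
```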

Bug in POP3 and SMTP Anti-Spam (UTM1100)

The emails received contained an error message about a missing shared library instead of the mail content.

High CPU Usage on LDAP Synchronisation (UTM1500/2100/2500)

Depending on the number of LDAP users, unusually high CPU usage occurred in the UTM system. Another problem was that configuration changes could not be saved in the administration WebGUI (error message: database locked).

Release 1.90.0

Release date: 15.09.2008

This version of the system software supports the following platforms:

UTM 1100
UTM 1500
UTM 2100
UTM 2500

Hints Regarding The Release

In order to install this update on UTM 1500, 2100 or 2500, the system must be running software version 1.60.0 or later.

Please log out of the web administration interface after installation (using the Logout button) or close your web browser. In addition it is necessary to clear the browser cache.

New Features And Changes

Support for PPPoA/PPTP

It is now possible to create virtual interfaces of the type 'PPPoA/PPTP'. This feature facilitates using the UTM in conjunction with DSL modems that provide a PPTP interface to the subscriber network.

Support for VLANs following IEEE 802.1Q

The UTM now provides virtual interfaces of type VLAN. Using this interface type, the UTM can be connected directly to VLANs following the IEEE 802.1Q standard. Multiple VLAN interfaces can be defined per physical Ethernet interface.

MTU configuration

The MTU (Maximum Transfer Unit) can now be configured for all types of virtual interfaces.

Merge of User/Portal User

Management of the portal users (Local Services > User Portal > User) has been merged into user management under Entities > Authentication > User for increased ease of use. For this, users have been assigned a 'Type' attribute which can be set to 'local' (users managed by the UTM) or 'remote' (users managed by an AAA server). A more detailed description can be found in the updated user manual.

Default values for certificates

Under Entities > Certificates > Defaults it is now possible to define default values that are used as suggestions in the entry fields of the dialogues for creating CAs and user certificates. These suggestions can then either be edited or used unchanged in the respective forms. This greatly reduces the effort when creating new certificates.

Time-controlled firewall policies

Firewall policies of the following types can now be defined as depending on time (time of day and day of the week):

Filter
HTTP Proxy
POP3 Proxy
SMTP Proxy (UTM1100 only)

For this, time ranges can be defined under Entities > Time Ranges, which can then be used within the policies as an additional criterion that needs to be met (similar to source IP address or service).

Email rejection by SMTP proxy (UTM1500, 2100, 2500 only)

The SMTP proxy now checks email content before acknowledging receipt of the message (return code 250). If the content of the email is identified as undesirable (spam, virus or forbidden attachment) and 'Block' or 'Quarantine' was configured as the corresponding action, the message is rejected with code 554. This way the actual sender is notified of the problem without the need to send an explicit 'bounce message'.

Quarantine for SMTP email (UTM1500, 2100, 2500 only)

Messages with undesirable content that have been received via the SMTP proxy can be held in a quarantine area within the UTM system. There, the administrator or users can verify them and either delete or release them. Unprocessed messages are automatically deleted by the UTM after a configurable amount of time. Please note that the SMTP proxy will reject messages with return code 554 even if they are copied to the quarantine area.
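The 'Email rejection by SMTP proxy' and 'Quarantine for SMTP email' items above can be traced through the DATA phase of an SMTP session: the verdict is reached before 250 is sent, so a rejected message gets 554 in-session, and a quarantine copy does not change that reply. The Python model below is an added example for these notes, not the UTM's code; the action labels 'Block' and 'Quarantine' come from the page, while 'Pass' as the non-rejecting action, the classifier rules and the sample messages are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# The three verdicts the release notes treat as undesirable content.
UNDESIRABLE = ("spam", "virus", "forbidden attachment")


@dataclass
class ProxyPolicy:
    """Per-verdict action ('Pass' is assumed; 'Block' / 'Quarantine' are from the page)."""
    actions: Dict[str, str]
    quarantine: List[str] = field(default_factory=list)   # copies held on the UTM


def default_policy() -> ProxyPolicy:
    return ProxyPolicy({"spam": "Quarantine", "virus": "Block",
                        "forbidden attachment": "Block"})


def constructed_classifier(message: str) -> str:
    """Stand-in for the anti-spam / anti-virus / attachment checks (constructed rules)."""
    if re.search(r'filename="[^"]+\.(exe|scr|bat)"', message, re.IGNORECASE):
        return "forbidden attachment"
    if "X-Constructed-Virus: yes" in message:
        return "virus"
    if "buy cheap pills" in message.lower():
        return "spam"
    return "clean"


def end_of_data_response(message: str, classify: Callable[[str], str],
                         policy: ProxyPolicy) -> str:
    """Reply to the terminating '.' of DATA.

    The decision is taken before 250 is ever sent, so a rejected message is
    refused in-session with 554 and the sending MTA learns of it directly; no
    bounce has to be generated afterwards. A quarantine copy is kept, but the
    session still answers 554, as the notes state.
    """
    verdict = classify(message)
    if verdict in UNDESIRABLE:
        action = policy.actions.get(verdict, "Pass")
        if action == "Quarantine":
            policy.quarantine.append(message)
        if action in ("Block", "Quarantine"):
            return f"554 5.7.1 Message rejected: {verdict}"
    return "250 2.0.0 OK: message accepted"


def data_phase(client_lines: List[str], classify: Callable[[str], str],
               policy: ProxyPolicy) -> List[str]:
    """Server side of DATA: answer 354, collect lines until '.', then decide."""
    replies = ["354 End data with <CR><LF>.<CR><LF>"]
    body: List[str] = []
    for line in client_lines:
        if line == ".":
            replies.append(end_of_data_response("\r\n".join(body), classify, policy))
            break
        body.append(line[1:] if line.startswith(".") else line)   # SMTP dot-unstuffing
    return replies


def legacy_accept_then_bounce(message: str, classify: Callable[[str], str],
                              policy: ProxyPolicy) -> Tuple[str, bool]:
    """The behaviour the notes contrast against: 250 first, a bounce later if blocked."""
    verdict = classify(message)
    blocked = verdict in UNDESIRABLE and policy.actions.get(verdict) in ("Block", "Quarantine")
    return "250 2.0.0 OK: message accepted", blocked


# Constructed sample messages as a client sends them after DATA.
SAMPLE_CLEAN = ["From: alice@example.com", "To: bob@example.net", "Subject: Minutes",
                "", "Minutes of today's meeting attached.", "..leading dot kept", "."]
SAMPLE_EXE = ["From: mallory@example.org", "To: bob@example.net", "Subject: Invoice",
              'Content-Disposition: attachment; filename="invoice.exe"', "", "see attachment", "."]
SAMPLE_SPAM = ["From: promo@example.org", "To: bob@example.net", "Subject: Offer",
               "", "Buy cheap pills today!", "."]

if __name__ == "__main__":
    policy = default_policy()
    for name, lines in [("clean", SAMPLE_CLEAN), ("exe", SAMPLE_EXE), ("spam", SAMPLE_SPAM)]:
        print(name, "->", data_phase(lines, constructed_classifier, policy)[-1])
    print("quarantined copies:", len(policy.quarantine))
```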

Parallel virus scanning (UTM1500, 2100, 2500 only)

To avoid excessive load, the UTM makes sequential calls to the virus scanner, i.e. the files to be scanned are lined up in a queue. When the queue is processed, files that were received by the HTTP proxy are always given priority to ensure a steady flow for web access. The disadvantage of this method is that scanning a single large file delays the processing of smaller files. To minimize this problem, the UTM now uses two queues with two virus scanners working in parallel. Small files are entered into the first queue, whereas large files are queued into the second. The threshold can be configured under Local Services > Anti-Virus > Advanced using the Large file threshold setting.

Configurable number of SMTP anti-spam engines (UTM1500, 2100, 2500 only)

The number of anti-spam engines can now be configured by the user. The number of engines determines how many messages can be checked for spam at the same time. The lowest value (default setting) is 2, the highest 6. The maximum value should only be used if the UTM is primarily used as an SMTP gateway.

Disabling external checks of the SMTP anti-spam engine (UTM1500, 2100, 2500 only)

Some checks performed by the anti-spam engine need Internet access (primarily DNS requests). These checks can now be fully deactivated (Local Services > Anti-Spam, setting Disable External Checks).

Warning upon large number of messages in the SMTP mail queue (UTM1500, 2100, 2500 only)

A warning message is generated if a configurable number of messages in the mail queue is exceeded. This setting can be configured under Local Services > Proxy Server > SMTP > Advanced using the parameter Queue Size Warning. The message is sent via the UTM logging system and can therefore be dispatched via the log targets as needed.

Support for SMTP authentication, TLS and configurable TCP ports

Use of SMTP AUTH and TLS can now be configured for sending messages via SMTP. This covers sending messages generated by the UTM (logging, automatic backup, quarantine report) as well as messages sent by the SMTP proxy (UTM1500, 2100, 2500 only). In addition it is now possible to specify the TCP port of the recipient SMTP mail server.

Extended mail routing for incoming email (UTM1500, 2100, 2500 only)

Incoming messages can now be routed to a configurable internal mail server depending on the recipient domain. This way distinct domains can be distributed to separate servers.

Monitoring UTM hardware using SNMP

Fan speed (UTM1500, 2100, 2500 only) as well as CPU core temperature can now be queried using the SNMP agent. Please consult the updated user manual for a reference of the MIBs supported by the SNMP agent.

SSL VPN

As an additional alternative to provide network access to external users, the UTM now offers the option to accept VPN connections using the SSL protocol (TCP) secured by certificates. In order to simplify installation and configuration for the user, the user portal has been extended in this regard. The client software and the corresponding configuration are provided as a direct download to authorized users. For a detailed description please consult the updated user manual.

Resolved Issues

POP3 Proxy (UTM1500, 2100, 2500 only)

Several errors in the new POP3 proxy that was introduced in release 1.80.0 resulted in:

large messages not being downloaded
messages not being deleted from the server
messages being only partly downloaded
communication failures with certain types of POP3 servers
failures when sending quarantine reports

HTTP Content Check

Failure of a single server in the URL classification infrastructure could result in the inability of the UTM to perform classifications even though other servers were still reachable.

Release 1.80.0

Release date: 30.05.2008

This version of the system software supports the following platforms:

UTM 1100
UTM 1500
UTM 2100
UTM 2500

Hints Regarding The Release

In order to install this update on UTM 1500, 2100 or 2500, the system must be running software version 1.60.0 or later.

New Features And Changes

Statistics

This feature collects statistical data from UTM subsystems (e.g. anti-spam, anti-virus etc.) as well as performance data like CPU and memory usage. Depending on the type of information collected, the data is displayed as graphs or in tables.

NTP server using FQDN

In addition to specifying an NTP server by its IP address, it is now also possible to use the server's FQDN. This is possible in the Setup Wizard as well as in the System Management > Global Settings > Date & Time dialogue. This feature allows easy use of publicly available NTP servers like pool.ntp.org.

License expiration warning

The UTM now offers the option to provide an early warning before a license component (Maintenance, Anti-Spam, Anti-Virus) expires. The point in time when the first warning is sent as well as its recurrence can be configured. The warnings are sent as UTM log messages. By configuring appropriate Log Targets it is possible to define in which format and to which recipient a warning is sent.

Configurable TCP ports of the admin GUI

The TCP ports of the HTTP and HTTPS access to the administration GUI are now configurable. It is also possible to disable HTTP access entirely to prevent administration over an unencrypted HTTP connection.

Easier use of Network Items

It is now possible to create, change and view the definition of network items in all dialogues where they are used. It is also possible to view the definition of a network item in all lists where the name of a network item is displayed, simply by clicking the name. Furthermore, it is possible to display (under Entities > Network Items) all configuration items which are using a specific network item.

Time-controlled shutdown of PPPoE connections

PPPoE connections can be shut down on a daily basis to prevent a forced disconnection by the Internet service provider. The point in time can be configured so that the shutdown takes place outside of working hours.

Policy Based Routing

Policy based routing (PBR) provides the means to set up routing for IP packets according to configurable rule sets. Similar to firewall policies, attributes like source address, source interface, service and so on can be used to forward packets to a specific gateway or via a specific interface.

Quarantine of POP3 virus and spam emails (UTM 1500, 2100, 2500 only)

Emails containing viruses and spam received via the POP3 proxy can now be quarantined on the UTM system. The administrator of the UTM and end users can verify the emails kept in quarantine storage. Email messages can be released or deleted from quarantine. Emails which have not been processed are deleted automatically from quarantine after a configurable amount of time.

Important note: The setting Pass in the dropdown Action when Virus is found under Local Services > Anti-Virus now instructs the proxy to pass emails containing a virus to the client without modification. In previous releases the setting Pass caused such mails to be replaced with a warning message. Please change the dropdown from Pass to Block if needed, to avoid viruses reaching the client.

User portal for quarantine maintenance (UTM 1500, 2100, 2500 only)

The user portal offers end users the possibility to maintain their quarantined email messages themselves. If allowed by the administrator, they can also adjust the spam score levels for tagging and quarantining email messages in the portal.

Limiting file size for HTTP virus scans (UTM 1500, 2100, 2500 only)

As on the UTM 1100, it is now possible to define up to which size files are scanned for viruses when using the HTTP proxy.

Restore of backups from older software versions

It is now possible to restore backups which were created using older UTM software versions. Please note that backups created prior to UTM version 1.50.0 are not supported.

Configurable spam tag

The text which is inserted into the subject by the POP3 and SMTP proxy for tagging spam email messages is now configurable.

SSLv2 support removed

For security reasons, support for SSLv2 was removed. This affects all ways of accessing the UTM via HTTPS (admin GUI, OOBA, user portal). Through this the requirements of the PCI Security Standards Council regarding HTTPS are met.

Resolved Issues

n/a

Release 1.70.0

Release date: 29.10.2007

This version of the system software supports the following platforms:

UTM 1100
UTM 1500
UTM 2100
UTM 2500

Hints Regarding The Release

In order to install this update on UTM 1500, 2100 or 2500, the system must be running software version 1.60.0 or later.

New Features And Changes

HTTP Content Filter

Access to web pages using the HTTP proxy can now be granted or denied based on categories (e.g. Pornography, Shopping...). For this, allowed or forbidden categories can be combined into Content Profiles (Entities > Content Profiles). These profiles can then in turn be associated with HTTP policies under Firewall > Policies > HTTP. A combination with other policy settings (e.g. user authentication) is also possible. The Content Filter feature is an extension that needs to be licensed separately.

High Availability

The High Availability feature (Local Services > High Availability) can be used to improve system availability in conjunction with deployment of a hot standby system. In case of failure of the primary (master) system, the hot standby system takes over its functions. The system configuration needs to be maintained on the master system only and is transferred to the standby system automatically. Transfer of the configuration as well as exchange of the heartbeat signal is performed via one of the Ethernet ports. There is no transfer of established sessions (firewall, VPN...). Extensions (users, Kaspersky Antivirus, Commtouch Antispam...) have to be licensed only once for each master/standby installation.

Quality of Service (QoS)

The QoS feature allows controlling the bandwidth of outgoing traffic on a virtual interface. For this, the available bandwidth is divided into classes to which IP packets are then assigned using a variety of criteria. A minimum and maximum bandwidth can be defined for each class. If a class does not use up its minimum bandwidth in its entirety, the remaining bandwidth is distributed among the other classes, allowing them to benefit until their maximum bandwidth is reached.

OSPF Routing Protocol

Funkwerk UTM is now able to dynamically exchange routing information with other systems using the OSPFv2 routing protocol. For every interface of the type Base it is possible to separately select participation in the OSPF routing process.

Firewall Support for SIP, PPTP and TFTP

The firewall was extended with so-called connection trackers for SIP, PPTP and TFTP. These connection trackers enable the stateful firewall to handle protocols that dynamically negotiate additional connections between client and server (e.g. RTP with SIP).

Timeout and manual flushing of IP/license bindings

Every client system within an internal network sending IP packets through the Funkwerk UTM uses one of the available licenses. For this, the IP address of the system is assigned to a license. In previous releases this binding was maintained until the Funkwerk UTM was restarted. A timeout feature has now been added to this mechanism. If the client system stops sending IP packets across the Funkwerk UTM, the binding is released after 5 hours and the license becomes available again for use by other client systems. In addition, the menu item Monitoring > License Usage now offers a way to manually flush individual IP/license bindings.

Deleting the entire mail queue (UTM 1500, 2100, 2500 only)

Using the menu item Maintenance > Diagnostic > Mailqueue it is now possible to delete the entire content of the SMTP proxy's mail queue. This function deletes all mail queue entries after prompting for confirmation.

Secondary IP Addresses

Secondary IP addresses can now be bound to interfaces with a static primary IP address (Networking > Interfaces > IP / Virtual). In addition it is configurable whether UTM services (e.g. proxies, web interface...) should be bound only to the primary IP address of an interface or to the secondary addresses as well. All VPN variants are exempt from this: VPN servers can only be bound to the primary address in all cases.

Resolved Issues

Display of the IPSec Phase 1 ID (Bug ID 8949)

Under Monitoring > VPN Connections > IPSec the Phase 1 ID of an IPSec connection was displayed incorrectly.

Certificate Calculator (Bug ID 8778)

Under Certificates > Calculator, placeholders for the User Distinguished Name were determined incorrectly.
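The 'Quality of Service (QoS)' item of this release describes classes with a guaranteed minimum and a ceiling, where bandwidth a class leaves unused flows to the other classes up to their maximum. The Python model below is an added example for these notes, not the UTM's implementation; the equal-share way of handing out the remainder, the class names and the bandwidth figures are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class QosClass:
    name: str
    min_kbps: int     # guaranteed bandwidth
    max_kbps: int     # ceiling the class may grow to
    demand_kbps: int  # constructed offered load used by this example


def allocate_bandwidth(link_kbps: int, classes: List[QosClass]) -> Dict[str, int]:
    """Distribute an interface's outgoing bandwidth over QoS classes.

    Step 1 gives every class its minimum (but never more than it actually
    offers). Step 2 hands the unused remainder to classes that still have
    demand, in equal rounds, stopping at each class's maximum. The equal-share
    rule is a modelling assumption; the min/max semantics follow the notes.
    """
    if sum(c.min_kbps for c in classes) > link_kbps:
        raise ValueError("sum of minimum bandwidths exceeds the interface bandwidth")
    if any(c.max_kbps < c.min_kbps for c in classes):
        raise ValueError("a class maximum is below its minimum")

    alloc = {c.name: min(c.demand_kbps, c.min_kbps) for c in classes}
    spare = link_kbps - sum(alloc.values())

    while spare > 0:
        wanting = [c for c in classes
                   if alloc[c.name] < min(c.demand_kbps, c.max_kbps)]
        if not wanting:
            break                                   # everyone is capped or satisfied
        share = max(1, spare // len(wanting))
        for c in wanting:
            room = min(c.demand_kbps, c.max_kbps) - alloc[c.name]
            give = min(share, room, spare)
            alloc[c.name] += give
            spare -= give
            if spare == 0:
                break
    return alloc


# Constructed scenario: a 10 Mbit/s uplink with a quiet VoIP class whose unused
# guarantee is redistributed, and a bulk class that hits its ceiling.
LINK_KBPS = 10_000
CLASSES = [
    QosClass("voip", min_kbps=2_000, max_kbps=3_000, demand_kbps=1_000),
    QosClass("web", min_kbps=3_000, max_kbps=8_000, demand_kbps=9_000),
    QosClass("bulk", min_kbps=1_000, max_kbps=3_200, demand_kbps=9_000),
]


def example_allocation() -> Dict[str, int]:
    """voip keeps only the 1000 it uses; web takes the rest once bulk is capped at 3200."""
    return allocate_bandwidth(LINK_KBPS, CLASSES)


if __name__ == "__main__":
    for name, kbps in example_allocation().items():
        print(f"{name:5} {kbps:6} kbit/s")
```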

Release 1.60.0

Release date: 13.08.2007

This version of the system software supports the following platforms:

UTM 1100
UTM 1500
UTM 2100
UTM 2500

Hints Regarding The Release

During the installation of the update on UTM 1500, 2100 and 2500 systems the configuration data will be converted. This operation will take a few minutes.

New Features And Changes

Setup Wizard

The selection Previous Configuration / Factory Defaults was removed from the Setup Wizard. The Setup Wizard now always uses the factory default configuration.

Administration via any Interface

It is now possible to access the web GUI via any interface (including PPPoE, PPTP and L2TP). This allows administration of the UTM system from IP addresses outside of the local network. This feature was already available in the UTM 1100.

DHCP Client

The UTM system can now act as a DHCP client on each Ethernet interface. This feature was already available in the UTM 1100.

IPSec peers with dynamic IP address

It is now possible to make outgoing IPSec connections to peers with a dynamic IP address. The peer has to use dynamic DNS (e.g. DynDNS) to provide its IP address. The UTM system reconnects the IPSec tunnel if it detects a change of the DNS resolution.

IPSec Dead Peer Detection

Dead Peer Detection based on RFC 3706 is now supported by the UTM system. This feature can be configured separately for each connection definition.

Configurable IPSec IDs

The local and the peer's IPSec ID can now be configured. The following types of IDs are available: IP address, FQDN, email address.

Resolved Issues

CA root certificates for IPSec

All imported and locally generated CA root certificates are now used to validate the peer's certificate.

Sender spam notification

Even though sender spam notification was configured in Local Services > Anti-Spam, no notification was sent to the sender of the spam email.

Forbidden Extensions

The setting Forbidden Attachments in Local Services > Proxy Server > SMTP was not applied when the virus and spam check was disabled.

HTTP proxy user authentication (Bug ID 8484)
Authentication against the HTTP proxy was not possible for users with upper case characters in their user names.

Commtouch spam detection (UTM 1100 only)
The Commtouch spam detection was not working when the UTM system's hostname was configured as a FQDN.

Processing of UTF-8 encoded emails (UTM 1500, 2100, 2500 only)
The UTM system was not able to handle emails with UTF-8 encoded parts correctly. The email was bounced to the sender.

GUI TCPDump (UTM 1100 only)
In Maintenance > Diagnostic > TCPDump the download button was not working.

GUI stack trace in SMTP Proxy configuration
When no Network Items of type Host were configured on the UTM system, a stack trace was displayed when pressing the OK button in Local Services > Proxy Server > SMTP.

Import of CA root certificates (Bug ID 8556)
It was not possible to import root certificates whose X.509v3 Basic Constraints section contained the content "critical".

GUI stack trace during the import of CA root certificates (Bug ID 8828)
During the import of root certificates without a private key (e.g. PEM format) a GUI stack trace was displayed.

Display of RSA key size (Bug ID 8461)
Instead of displaying the correct key size in Entities > RSA Keys, 512 bit was always displayed.

L2TP via NAT traversal
It was not possible to make L2TP connections from clients behind a NAT firewall to the UTM system.

Deletion of last admin user (Bug ID 8462)
It was possible to delete the last user in System Management > Administration > User. After this it was no longer possible to log in to the UTM system.

Creation of certificates (Bug ID 8767)
If the CA's passphrase was entered incorrectly during the creation of a certificate or a CRL, no error message was displayed and an incomplete configuration was stored.

Filtering of the internal Log
If the value "All" was selected for the option Subsystem in the dialogue Monitoring > Internal Log, no log messages were displayed.

GUI stack trace when displaying Active Connections
In some circumstances a GUI stack trace was displayed in Monitoring > Active Connections.

ClamAV error message (Bug ID 8214)
ClamAV generated the error message 'unknown error when looking for updates. Error code 55'. ClamAV error messages are no longer interpreted by the UTM, allowing for easier diagnostics.

Error message during HTTP requests (Bug ID 8678, UTM 1100 only)
During the update of virus patterns the following error message was displayed in the web browser:
Virus scan failed: Scan daemon failed (1013 Error\srunning\sclamdscan WARNING:\sCan't\sconnect\sto\sclamd.\n)

GUI stack trace during configuration of IPSec Policies (Bug ID 8827)
In VPN > IPSec > Policies a stack trace was displayed when Aggressive Mode was selected. Aggressive Mode was removed completely from the UTM product.

Release 1.00.4
Release date: 07.05.2007

This version of the system software supports the following platforms:
- UTM 1100
- UTM 1500
- UTM 2100

New Features And Changes

POP3 Proxy tagging of spam messages
The subject of spam messages is now tagged by the POP3 Proxy with the tag ***SPAM***.

Resolved Issues

Login to the web GUI
Gateway users (Entities > Authentication > User) were able to log in to the UTM web GUI like admin users.

Error in IPS configuration (portscan)
When the Network Item "Any" (or another Network Item of type network with the content 0.0.0.0/0) was used in the portscan configuration, it was not possible to start the IPS subsystem.

Error in IPS configuration (REJECT action)
When the REJECT action was used for any rule or rule group, it was not possible to start the IPS subsystem.

Timeout problem during FTP downloads via HTTP Proxy
During the FTP download of large files via the HTTP Proxy, timeouts occurred depending on the file size and the available bandwidth.

DNS server
When only one DNS server was configured in Management > Global Settings > Settings, a reboot was required to activate the configuration. With two servers configured, the changes took effect immediately.

NAT
An incorrect user entry could prevent the firewall subsystem from starting up.

IPSec
Algorithms which are not supported by the underlying IPSec implementation were removed from the web GUI (VPN > IPSec > Policies).

Timestamp offset in log entries
There was an offset in the timestamp of log entries of various subsystems. The offset between UTC and local time was not handled correctly.

Release 1.00.3
Release date: 20.02.2007

This version of the system software supports the following platforms:
- UTM 1100
- UTM 1500
- UTM 2100

New Features And Changes

ClamAV scan engine
Update of the ClamAV scan engine.

Resolved Issues

n/a

Release 1.00.2
Release date: 31.01.2007

This version of the system software supports the following platforms:
- UTM 1100
- UTM 1500
- UTM 2100

New Features And Changes

n/a

Resolved Issues

Not possible to activate interfaces
After running the Setup Wizard it was not possible to activate additional interfaces.

Release 1.00.1
Release date: 19.01.2007

This version of the system software supports the following platforms:
- UTM 1100
- UTM 1500
- UTM 2100

New Features And Changes

IPS
Improved portscan detection.

Resolved Issues

n/a