StoneGate SSL VPN Release Notes for Version 1.3.0




Created: June 12, 2009

Table of Contents

- What's New
- System Requirements
- Build Version
- Product Binary Checksums
- Compatibility
- Upgrade Instructions
- Known Issues

What's New

Features

New features that have been introduced in StoneGate SSL VPN v1.3.0 are described briefly below. Please consult the product documentation for more details.

Feature: Remote Upgrade Support
Description: It is now possible to update SSL VPN Gateways through the StoneGate Management Client.

Feature: Support for Microsoft Outlook Anywhere
Description: With SSL VPN 1.3, end users can synchronize their Microsoft Outlook e-mail, calendar, and contacts without any need to install an Access client. By securing the RPC communication with SSL, the SSL VPN 1.3 provides end users seamless, quick, and secure access to their e-mail, without the hassle of distributing, installing, and maintaining a third party VPN.

Feature: Extended SSO Support
Description: From version 1.3, SSL VPN supports strong authentication with single sign-on for Telnet and SSH connections. In addition, StoneGate SSL VPN provides SSO for a wide range of applications, such as Windows Fileshare, Microsoft Terminal Server, Citrix Web Interface, Microsoft Sharepoint Portal, and Outlook Web Access.

Feature: Windows Security Center
Description: Using a plug-in, the Windows Security Center can be used to determine the security status of the client device before allowing access. The plug-in is included in the installation package.

Feature: Traffic Recording
Description: SSL VPN 1.3 Traffic Recording enables you to record any transaction between a user and the target system.

Feature: Advanced Password Policies
Description: SSL VPN 1.3 enables administrators to configure more advanced password policies to restrict how passwords are set and reset, for example, to disallow specific combinations of characters in a password.

Feature: Contextual Session Control
Description: The growing adoption of intranet security domains calls for a new view on session time-outs that caters for users connecting in different contexts, such as from their assigned desktop or a guest desktop.

Fixes

Problems described below have been fixed since StoneGate SSL VPN v1.2.1. A workaround solution is presented for earlier versions where available.

Synopsis: Windows Vista incompatibility with Access Client (#44943)
Description: When a resource that uses the SSL VPN Access Client is accessed from a Windows Vista machine, the whole machine may hang.
Workaround for previous versions: n/a

Synopsis: Upgrade problem with SSL VPN appliances that have fiber interfaces (#47567)
Description: Upgrading SSL-2000 or SSL-6000 appliances that have fiber interfaces may result in a change in interface mapping order.
Workaround for previous versions: n/a

Synopsis: sginfo command also collects backup (#47695)
Description: Running the sginfo command also includes a backup in the resulting sginfo file. Starting from 1.3.0, a backup is only included in the sginfo file if the following option is given with the sginfo command: --with-backup
Workaround for previous versions: n/a

Synopsis: Importing backup through Web Console not possible before creating backup
Description: Importing a backup through the Web Console is not possible on a new system before at least one backup has been generated. The following error message is shown: "'/spool/backups/' does not exist, no backups were done yet on this host"
Workaround for previous versions: Generate a backup and then import the backup needed.

System Requirements

StoneGate Appliances

StoneGate SSL VPN v1.3.0 is supported on the StoneGate SSL-400, SSL-1030, SSL-2000, and SSL-6000 appliances.

Administration Requirements

StoneGate SSL VPN v1.3.0 administration requires the use of a workstation with a TCP/IP network configured and a Web browser installed. The supported Web browsers are listed below.

Operating System:
- Microsoft Windows XP Home Edition (SP1, SP2)
- Microsoft Windows XP Professional (SP1, SP2)
- Microsoft Windows 2003 Server (SP2)
- Microsoft Windows Vista Enterprise
- Microsoft Windows Vista Business
- Microsoft Windows Vista Home Premium
- Apple Mac OS X 10.3.9
- Apple Mac OS X 10.4 (Tiger)
- Red Hat Enterprise Linux 5.0
- SUSE Linux Enterprise Server 10

Web Browser:
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 7.0
- Safari 1.3.2 (Mac OS X 10.3.9)
- Safari 2.0.4 (Mac OS X 10.4.7)

Build Version

The StoneGate SSL VPN v1.3.0 build version is 1313.

Product Binary Checksums

sslgw_engine_1.3.0.1313_i386.iso
    MD5SUM   94010a57f89ef87fd1a734d8e047b7c0
    SHA1SUM  403a9abb8521639163b46017c28b19c6f3198a90

sslgw_engine_1.3.0.1313_i386.zip
    MD5SUM   bcc2b3280dde182fae1212443e112a68
    SHA1SUM  41120182f2f94c8da6cabfb8fb450408628522dc
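One way to check a downloaded image against the published digests before burning it to CD or using it for an upgrade. This is an added example, not part of the Stonesoft release notes; it assumes GNU md5sum and sha1sum are available, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: verify StoneGate SSL VPN 1.3.0 images against the MD5 and
# SHA-1 digests published in the release notes. Assumes GNU md5sum/sha1sum.

# Published values from "Product Binary Checksums": <file name> <md5> <sha1>
PUBLISHED='sslgw_engine_1.3.0.1313_i386.iso 94010a57f89ef87fd1a734d8e047b7c0 403a9abb8521639163b46017c28b19c6f3198a90
sslgw_engine_1.3.0.1313_i386.zip bcc2b3280dde182fae1212443e112a68 41120182f2f94c8da6cabfb8fb450408628522dc'

# check_digests FILE MD5 SHA1
# Status: 0 = both digests match, 1 = at least one differs, 2 = unreadable.
check_digests() {
    file=$1
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want_sha1=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ -r "$file" ] || return 2
    got_md5=$(md5sum < "$file" | cut -d' ' -f1)
    got_sha1=$(sha1sum < "$file" | cut -d' ' -f1)
    [ "$got_md5" = "$want_md5" ] && [ "$got_sha1" = "$want_sha1" ]
}

# verify_release_image PATH
# Looks the file name up in PUBLISHED; status 3 = name not listed (fail closed).
verify_release_image() {
    path=$1
    name=$(basename "$path")
    entry=$(printf '%s\n' "$PUBLISHED" | awk -v n="$name" '$1 == n')
    [ -n "$entry" ] || return 3
    set -- $entry
    check_digests "$path" "$2" "$3"
}

# Usage: sh verify_image.sh sslgw_engine_1.3.0.1313_i386.iso [more files...]
main() {
    status=0
    for image in "$@"; do
        if verify_release_image "$image"; then
            echo "OK      $image"
        else
            rc=$?
            echo "FAILED  $image (status $rc)" >&2
            status=1
        fi
    done
    return $status
}

main "$@"
```

A match shows that the file is the one these digests were computed from; the digests themselves are only as trustworthy as the channel the release notes were obtained over.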

Compatibility

Directory Services

User information can be stored in an internal user directory, or one of the following external directory services can be used:

- Microsoft Active Directory 2003
- Novell eDirectory
- OpenLDAP
- Sun Java System Directory Server
- Oracle Internet Directory (authentication only)
- Tivoli Directory Server (authentication only)
- IBM RACF LDAP (authentication only)

Note! When using mirrored pair configuration, external directory service is required.

Application Portal

The supported Web browsers for the StoneGate Application Portal are listed below.

Operating System:
- Microsoft Windows XP Home Edition (SP1, SP2)
- Microsoft Windows XP Professional (SP1, SP2)
- Microsoft Windows 2003 Server (SP2)
- Microsoft Windows Vista Enterprise
- Microsoft Windows Vista Business
- Microsoft Windows Vista Home Premium
- Apple Mac OS X 10.3.9
- Apple Mac OS X 10.4 (Tiger)
- Red Hat Enterprise Linux 5.0
- SUSE Linux Enterprise Server 10

Web Browser:
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 7.0
- Safari 1.3.2 (Mac OS X 10.3.9)
- Safari 2.0.4 (Mac OS X 10.4.7)
- Mozilla Firefox 1.5

Access Client

The runtime requirements for the StoneGate Access Client are listed below.

Operating System: Microsoft Windows XP Home Edition (SP1, SP2), Microsoft Windows XP Professional (SP1, SP2), Microsoft Windows 2003 Server (SP2), Microsoft Windows Vista Enterprise, Microsoft Windows Vista Business, Microsoft Windows Vista Home Premium
Runtime Requirements: Sun Java Runtime Environment 1.1.8 or later, or ActiveX Client

Operating System: Apple Mac OS X 10.3.9, Apple Mac OS X 10.4 (Tiger)
Runtime Requirements: Sun Java Runtime Environment 1.1.8 or later

Operating System: Red Hat Enterprise Linux 5.0
Runtime Requirements: Sun Java Runtime Environment 1.1.8 or later

Operating System: SUSE Linux Enterprise Server 10
Runtime Requirements: Sun Java Runtime Environment 1.1.8 or later

Additionally, when using the Access Client on Windows Vista, the following requirements apply:

Requirement: Access Client on Microsoft Windows Vista requires administrator rights
Details: The Access Client requires administrator rights to run properly on Windows Vista.

Requirement: StoneGate ActiveX Client Loader requirements
Details: To run the ActiveX Access Client loader successfully with Windows Vista UAC, you must add the Access Point server https address to the list of trusted sites in Internet Explorer.

Requirement: Drive letter mapping in Windows Vista
Details: A single drive letter (for example, F:) cannot be used as a startup command in Windows Vista. All commands must be executed using runas to elevate to administrator mode since the mapping is done in administrator mode, and F: is not a valid executable. Use the following startup command instead:

    explorer /root, F:

This works on both Windows XP and Windows Vista.

Requirement: Remove AES cipher suites from Access Point configuration
Details: The AES ciphers in Vista are not compatible with the SSL engine used in Access Point. You must remove the AES ciphers from Cipher Suites for your Access Point under Manage Global Access Point Settings. Remove the following ciphers: RSA_AES_128_CBC_SHA and RSA_AES_256_CBC_SHA.

Requirement: Java Runtime Environment
Details: To run the PortWise Java Access Client, use Sun Java 1.6 Update 2 or later.

Upgrade Instructions

StoneGate SSL VPN version 1.3.0 requires an updated license to use the new features if you are upgrading from a version prior to 1.1.0. Customers with a valid support and maintenance contract can get the updated license from https://my.stonesoft.com/managelicense.do.

When upgrading mirrored systems, refer also to upgrade instructions in SSL VPN Administrator's Guide, which is available from http://www.stonesoft.com/en/support/technical_support_and_documents/manuals/current/.

Upgrade from previous version

Upgrading the StoneGate SSL VPN from versions 1.2.0 and 1.2.1 to 1.3.0 is normally done through the Web Console Remote Upgrade functionality. After upgrade, log on to the StoneGate SSL VPN Administrator interface and accept the modified configuration in the dialog that is presented and then publish the updated configuration.

Upgrade from version 1.1.1

Upgrading the StoneGate SSL VPN from version 1.1.1 to 1.2.1 is normally done through the Web Console Remote Upgrade functionality. After upgrade, log on to the StoneGate SSL VPN Administrator interface and accept the modified configuration in the dialog that is presented and then publish the updated configuration.

Manual configuration is needed for the SSL VPN to be able to send logs to StoneGate Management Center (SMC). After upgrading to 1.2.1, set the Syslog Log Level Filter to Info for all services and log types in Monitor System -> Logging. Save and publish the configuration.

Upgrade from version 1.1.0

Upgrading the StoneGate SSL VPN from version 1.1.0 to 1.2.1 is normally done through the Web Console Remote Upgrade functionality. After the upgrade from the Web Console is done, follow these steps to trigger new key generation for fixing issue #40399:

1. Log on to the appliance command line from serial console or through SSH.
2. Issue the following commands to trigger new key generation on next reboot:

    rm /data/webmin/etc/miniserv.pem
    rm /data/config/ssh/*
    rm /data/config/tls/*
    sg-admin reencrypt
    sg-admin certgen # Give this command only if internal certificate is used for Access Point
    sg-admin -upgrade

3. Reboot the appliance with command reboot.
4. Enter the Administration web interface and select Accept modified configuration to re-sign the configuration.

Manual configuration is needed for the SSL VPN to be able to send logs to StoneGate Management Center (SMC). After upgrading to 1.2.1, set the Syslog Log Level Filter to Info for all services and set the log types in Monitor System to Logging. Save and publish the configuration.

Upgrade from earlier versions

If you are using an SSL VPN version earlier than 1.0.2, first upgrade to version 1.0.2. Refer to the version 1.0.2 Release Notes for upgrade instructions.

Upgrade from SSL VPN version 1.0.2 to version 1.2.1 must be done manually:

1. Download the SSL VPN version 1.2.1 CD .iso image from https://my.stonesoft.com/download.do and prepare a bootable CD from this image.
2. Make a backup of the existing installation using the sg-backup command and copy the backup to another computer.
3. If you are using appliance model SSL-400 or SSL-2000, attach an external CD-ROM drive with USB connector to the appliance's USB port.
4. Boot from the installation CD and perform a full installation, overwriting existing partitions.
5. Copy the backup back to an appliance and restore the previous configuration using the sg-restore command.
6. To trigger new key generation for fixing issue #40399, issue the following commands:

    rm /data/webmin/etc/miniserv.pem
    rm /data/config/ssh/*
    rm /data/config/tls/*
    sg-admin reencrypt
    sg-admin certgen # Give this command only if internal certificate is used for Access Point

7. Upgrade the configuration using sg-admin upgrade command.
8. Reboot the appliance with command reboot.
9. Enter the Administration web interface and select Accept modified configuration to re-sign the configuration.

Detailed upgrade instructions are available in the latest StoneGate SSL VPN 1.1 Administrator's Guide available at http://www.stonesoft.com/en/support/technical_support_and_documents/manuals/current/index.html. Note that the SSL VPN 1.1 Administrator's Guide does not contain step 6 on the list above, which is needed to trigger the fix for issue #40399.

Manual configuration is needed for the SSL VPN to be able to send logs to StoneGate Management Center (SMC). After upgrading to 1.2.1, set the Syslog Log Level Filter to Info for all services and set the log types in Monitor System to Logging. Save and publish the configuration.

Known Issues

The current known issues of StoneGate SSL VPN v1.3.0 are described below. For an updated list of known issues, consult our Web site at http://www.stonesoft.com/en/support/index.html/.

Synopsis: Connections cannot be opened back to the client
Description: Virtual IP addresses are not configured on the client. This prevents the connections from being opened from the internal server back to the client.
Workaround: N/A

Synopsis: Windows Vista and Firefox
Description: Due to compatibility issues between Windows Vista, Firefox, and the Java plug-in for Firefox in Windows Vista, the Access Client may experience intermittent problems running tunnel sets.
Workaround: N/A

Synopsis: Client firewall does not work on Windows Vista clients (#40657)
Description: When the client firewall is configured for a resource, the Access Client stops working on Windows Vista.
Workaround: Add the following three Outgoing rules to the Client Firewall rules:

    W.X.Y.Z-W.X.Y.Z 443 TCP Any Accept
    127.0.0.1-127.0.0.1 1-65535 TCP Any Accept
    127.0.0.1-127.0.0.1 1-65535 UDP Any Accept

Where W.X.Y.Z is the IP address of your Access Point. If using multiple Access Points, add a corresponding rule for each.

Copyright and Disclaimer

© 2000-2009 Stonesoft Corporation. All rights reserved.

These materials, Stonesoft products, and related documentation are protected by copyright and other laws, international treaties and conventions. All rights, title and interest in the materials, Stonesoft products and related documentation shall remain with Stonesoft and its licensors. All registered or unregistered trademarks in these materials are the sole property of their respective owners. No part of this document or related Stonesoft products may be reproduced in any form, or by any means without written authorization of Stonesoft Corporation.

Stonesoft provides these materials for informational purposes only. They are subject to change without notice and do not represent a commitment on the part of Stonesoft. Stonesoft assumes no liability for any errors or inaccuracies that may appear in these materials or for incompatibility between different hardware components, required BIOS settings, NIC drivers, or any NIC configuration issues. Use these materials at your own risk. Stonesoft does not warrant or endorse any third party products described herein.

THESE MATERIALS ARE PROVIDED "AS-IS." STONESOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO, THE INFORMATION CONTAINED HEREIN. IN ADDITION, STONESOFT MAKES NO EXPRESS OR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE WITH RESPECT TO THE INFORMATION CONTAINED IN THESE MATERIALS. IN NO EVENT SHALL STONESOFT BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL OR INCIDENTAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING FROM THE USE OF THESE MATERIALS, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES.

Trademarks and Patents

Stonesoft, the Stonesoft logo and StoneGate are all trademarks or registered trademarks of Stonesoft Corporation. Multi-Link technology, Multi-Link VPN, and the StoneGate clustering technology, as well as other technologies included in StoneGate, are protected by patents or pending patent applications in the U.S. and other countries. All other trademarks or registered trademarks are property of their respective owners.

Stonesoft Corporation
Itälahdenkatu 22A
FI-00210 Helsinki
Finland
Tel. +358 9 476 711
Fax +358 9 4767 1234

Stonesoft Inc.
1050 Crown Pointe Parkway
Suite 900
Atlanta, GA 30338
USA
Tel. +1 770 668 1125
Fax +1 770 668 1131

Copyright 2009 Stonesoft Corporation. All rights reserved. All specifications are subject to change.