Clavister cOS Core 10.11.08


Clavister has released version 10.11.08 of cOS Core. New in this version is, among other things, extended support for applications in Application Control.

Starting with cOS Core 10.11.08, devices can collect information about the installation, which is forwarded anonymously to Clavister. Which information is sent can be controlled in the configuration, and the feature can also be turned off completely.

Contact Certezza Support with any questions.
Telephone: 08-791 92 00

Bug fixes in cOS Core 10.11.08

COP-8880: The options “ValidateLogBad”, “ValidateReopen”, “ValidReopenLog”, “ReopenValidate” and “ReopenValidLog” for the setting TCPSequenceNumbers did not work and the system behaved as if configured with “ValidateLogBad”.
COP-10405: On rare occasions when using the PPTP ALG, an incorrect ALG-associated connection could be closed, resulting in unexpected behavior.
COP-11205: An Ethernet interface with a manually assigned MAC address would revert to its original MAC address after the console command “ifstat -restart”.
COP-11338: The Security Gateway might show unexpected behavior when restarting after changes in configuration if an SSL VPN interface using a specific Routing Table was already configured.
COP-12153: Under certain circumstances the Security Gateway could display an error message to contact Clavister support after a successful use of the “License Activation” feature.
COP-13573: The cOS Core web authentication feature could fail in some rare situations when the system was under heavy stress.
COP-13746: Connections using the secondary route in a route monitor setup where the primary route had failed were incorrectly closed during reconfiguration.
COP-13777: A Security Gateway with User Identity Awareness configured could in rare scenarios reboot unexpectedly.
COP-13799: Configuring OSPF to run on top of VLAN interfaces did not set the VLAN’s Ethernet base interface’s receive mode parameter to accept OSPF multicast packets, causing OSPF communication to fail in some scenarios.
COP-13803: The Security Gateway’s SNMP statistics could report active IPsec tunnels as “down” under certain circumstances.
COP-13810: It was not possible to use Loopback interfaces or Interface Groups as the OuterInterface when configuring an SSL VPN interface.
COP-13820: The H.323 ALG sometimes caused unexpected reboots.
COP-13841: Routing IKE/ESP packets through a loopback interface could cause L2TP packets sent through the IPsec tunnel to be dropped.
COP-13900: It was not possible to use the CLI command “ippool -renew” to renew leases.
COP-14115: The Web User Interface selection box was not wide enough, so long object names were not displayed in full.
COP-14137: The ‘-num=all’ argument of the CLI command ipsecstats did not list the active SAs.
COP-14139: Multiple identical routes were sometimes added at IPsec tunnel establishment if the IPsec tunnel was configured to dynamically add a route to the remote network.
COP-14142: Error messages output by the “time -sync” command were in some failure cases not informative enough to describe the problem.
COP-14229: On rare occasions, the Security Gateway could perform an unexpected restart after reconfiguring a PPTP server that used LDAP authentication.
COP-14249: Configuring an IPv6 core route would always cause a configuration warning.
COP-14258: Corrupt IPsec data could occasionally cause the Security Gateway to become unresponsive. Affected models: SG4300, SG4500 and Wolf Series W5.
COP-14263: Traffic passing through an IPsec tunnel was sometimes incorrectly dropped if there was fragmentation of the packets.
COP-14419: The DHCP Server Custom Option parameter value could be left empty, but this gave an error message during Save & Activate. An error message is now shown if the value is left empty when clicking Ok on the Custom Option page.
COP-14308: Valid UTF-8 characters were not shown properly in some logs.
COP-14313: UDP packets sent from the Security Gateway when using the ping CLI command always had the same Fragmentation ID or Identification field set.
COP-14317: The output from the “time -sync” command was shown in all active CLI sessions. It will now only appear in the session where the command was executed.
COP-14324: The description of the Facility parameter in the Syslog Receiver configuration object was incorrect.
COP-14327: When using a routing table with the “Ordering” setting configured to “Default”, the named table was sometimes incorrectly consulted first, instead of the default routing table, during route lookup.
COP-14351: The device could restart unexpectedly when Application Control was disabled on an IPRule matching active IPv6 traffic.
COP-14362: The value configured for certain objects was sometimes not displayed correctly. For instance, the Bits Per Second for a COM Port Device always showed a configured value of 300 despite having something else set.
COP-14376: The license page did not always show the correct model information.
COP-14382: There was a problem importing certificates if the certificate file contained line breaks at certain points.
COP-14383: The Security Gateway would drop non-first IPv6 fragments with a length shorter than the layer 4 header.
COP-14384: The Security Gateway could on rare occasions reboot unexpectedly if Anti-Virus scanning was configured.
COP-14387: The message shown when trying to log in with a user with insufficient privileges was not descriptive enough.
COP-14395: The Advanced TCP Setting for CC (Connection Count) option was incorrectly named “TCP Option Connection Timeout” in the WebUI.
COP-14399: Web Content Filtering did not work for HTTPS when the traffic was directed to a proxy.
COP-14416: Descriptions for possible values when configuring Real Time Monitor Alerts have been updated to be more descriptive.
COP-14418: The Security Gateway could generate TCP packets with incorrect checksum on connections using address translation and a content inspection feature such as Application Control or Anti-Virus. In rare cases this could lead to stalled TCP connections.
COP-14425: Descriptions for possible values when configuring Real Time Monitor Alerts were not descriptive.
COP-14436: The configuration warning message “Shared IP address cannot be equal to iface IP address” was missing the name of the offending interface.
COP-14447: Non-pertinent information was displayed in the console command “appcontrol -show_lists”.
COP-14449: Using some layer 7 features, such as Application Control or Anti-Virus, would prevent ICMP errors from being forwarded even when the service was configured to allow ICMP errors.
COP-14461: Comments were not visible on folders in the WebUI address book.
COP-14462: Application Control frequently failed to recognize Skype. Changes have been made to improve the classification of Skype.
COP-14466: Application Control sometimes identified an application as just TCP or just UDP.
COP-14467: Fragmented traffic made Application Control unable to correctly classify certain applications at times, one being BitTorrent. The classification can now handle this kind of traffic better.
COP-14474: DHCP Relay did not forward DHCPACK messages if they were received on port 68.
COP-14480: Some scenarios with static route insertion/removal through OSPF did not work in a High Availability setup.
COP-14482: Using an IP4Address object with a DNS name as Remote Endpoint for an IPsec tunnel could lead to IPsec traffic problems.
COP-14485: When the date filter was not given in the format YYYY-MM-DD for the CLI command “dconsole -date=” the system printed all the logs instead of an error message.
COP-14496: Some HTTP operations could under certain situations result in second-long lockups.
COP-14513: The WebUI Connection status page copied the source interface to the destination interface after a search filter had been applied.
COP-14528: DHCP Server configured with “Relayer Filter” erroneously dropped the unicast DHCP request/renewal messages from DHCP clients.
COP-14542: On rare occasions, some applications, such as Skype or RDP, could not be allowed by Application Control.
COP-14553: The background colors of the row on the connection page in the Web UI were not alternating after a filter had been applied.
COP-14587: Traffic using routing rules with routing tables where the “Ordering” setting was set to “Default” was sometimes routed incorrectly.
COP-14594: After receiving a large LSA, the OSPF module reported a memory error despite having enough available memory to use.
COP-14604: If the MTU of a physical interface had been decreased, it was not possible to increase it again.
COP-14615: Accessing certain HTTPS sites sometimes failed if the HTTP ALG was configured to do Web Content Filtering.
COP-14620: The classified value in the Application Control statistics table suffered from duplicate and premature updates. This has been fixed, so a lower rate of updates is to be expected after a firmware upgrade.
COP-14633: Safe Search configured together with Web Content Filtering sometimes caused a system reboot.
COP-14660: Unsupported ISAKMP and IPsec Security Association Attributes received during IPsec tunnel setup resulted in a failed setup even if configured attributes also were sent.
COP-14663: Some rare URLs were incorrectly forbidden by the Web Content Filtering (WCF) functionality.
COP-14664: The H323 ALG could on rare occasions cause a system reboot.
COP-14679: The ICMPv6 error message “Packet too big” was not passed through cOS Core, causing traffic to be blocked in certain scenarios.
COP-14682: RemoveScripts was enabled on the http-outbound HTTP ALG in default configurations. Since almost all web pages use JavaScript today, removing scripts will greatly harm the web experience. New default configurations will now have the value set to disabled.
COP-14687: On rare occasions when using Anti-Virus, error messages regarding the Security Gateway’s internal storage could be printed on the console.
COP-14690: Modern browsers were not correctly identified in the Web User Interface, causing a message to be displayed that an unsupported browser version was being used.
COP-14706: Application Control Rules would, with certain selected applications, take longer than necessary to parse during reconfiguration.
COP-14709: A configuration error occurred when the remote endpoint of an IPsec tunnel was set to an IP4Group that only consisted of one member.
COP-14743: The span for the Update Center’s Hourly setting was not correct and has been changed from 11 to 12 hours.
COP-14744: When using the “Hourly” interval for Update Center the updates ran every hour despite the setting’s value.
COP-14753: The blacklist -show command displayed all blacklisted and white-listed hosts. It has been updated to display a default of 20 blacklisted and white-listed hosts, or the specified number of hosts using the -num argument.
COP-14755: The NAT-pool IP range setting used to accept very wide ranges (> 65535) of IPv4 addresses if such an address started at
COP-14766: Spaces in passwords were incorrectly interpreted as ‘+’-signs when using Web Authentication.
COP-14769: The pcapdump -show command displayed all the captured packets. Now the pcapdump -show command displays a default of 20 packets, or the specified number of packets using the -num argument.
COP-14786: The system sometimes experienced high memory consumption and sometimes rebooted due to low available memory when using IDP.
COP-14803: The Anti-Virus log message ID 115 and Application Control log message ID 4 had swapped the event and the action. The log revisions have been updated for both messages.
COP-14805: There was no log or notification shown when IDP scanning was disabled because of the license expiration.
COP-14813: Received ICMPv6/Neighbor Advertisements containing multiple options were incorrectly interpreted by the Security Gateway.
COP-14818: The console help text for the option “show” of the CLI command “license” was confusing and has been rewritten.
COP-14847: Full system backup files did not include files related to SSL VPN and Application Control.
COP-14866: On rare occasions, the SMTP and POP3 ALG configured with Anti-Virus did not detect malicious email attachments.
COP-14920: In rare High Availability scenarios a restart of the nodes would be necessary in order to finish a configuration synchronization.
COP-14935: Configured IDP pipes were not always displayed in the CLI.
COP-14938: Blacklist logs sometimes showed incorrect protocol or port.
COP-14953: Memory usage for SIP was displayed incorrectly.
COP-14959: A DHCP server lease was not removed from the inactive HA node when the CLI command “dhcpserver -releaseip” was issued on the active node.
COP-14980: A PPP LCP request containing data outside the range of the length field was incorrectly dropped.