Clavister har släppt version 10.11.08 av cOS Core. Nytt i denna version är bland annat ett utökat stöd för applikationer i Application Control.
Från och med cOS Core 10.11.08 kan enheterna samla in information om installationen som skickas vidare anonyt till Clavister. Vilken information som skickas kan styras i konfigurationen, och funktionen kan även stängas av helt.
Kontakta Certezza Support vid frågor,
E-post: support@certezza.net
Telefon: 08-791 92 00
| ID | Description |
| COP-8880 | The options “ValidateLogBad”, “ValidateReopen”, “ValidReopenLog”, “ReopenValidate” and “ReopenValidLog” for the setting TCPSequenceNumbers did not work and the system behaved as if configured with “ValidateLogBad”. |
| COP-10405 | In rare occasions when using the PPTP ALG an incorrect ALG associated connection could be closed, resulting in unexpected behavior. |
| COP-11205 | An Ethernet interface with a manually assigned MAC address would revert to its original MAC address after the console command “ifstat -restart”. |
| COP-11338 | The Security Gateway might show unexpected behavior when restarting after changes in configuration if an SSL VPN interface using a specific Routing Table was already configured. |
| COP-12153 | Under certain circumstances the Security Gateway could display an error message to contact Clavister support after a successful use of the “License Activation” feature. |
| COP-13573 | The cOS Core web authentication feature could fail in some rare situations when the system was under heavy stress. |
| COP-13746 | Connections using the secondary route in a route monitor setup where the primary route had failed were incorrectly closed during reconfiguration. |
| COP-13777 | A Security Gateway with User Identity Awareness configured could in rare scenarios reboot unexpectedly. |
| COP-13799 | Configuring OSPF to run on top of VLAN interfaces did not set the VLAN’s Ethernet base interface’s receive mode parameter to accept OSPF multicast packets, causing OSPF communication to fail in some scenarios. |
| COP-13803 | The Security Gateway’s SNMP statistics could report active IPsec tunnels as “down” under certain circumstances. |
| COP-13810 | It was not possible to use Loopback interfaces or Interface Groups as the OuterInterface when configuring an SSL VPN interface. |
| COP-13820 | The H.323 ALG sometimes caused unexpected reboots. |
| COP-13841 | Routing IKE/ESP packets through a loop back interface could cause L2TP packets sent through the IPsec tunnel to be dropped. |
| COP-13900 | It was not possible to use the CLI command “ippool -renew” to renew leases. |
| COP-14115 | The Web User Interface selection box was not wide enough, which made long object names not being displayed in full. |
| COP-14137 | The CLI command ipsecstats’ argument ‘-num=all’ did not list the active SAs. |
| COP-14139 | Multiple identical routes were sometimes added at IPsec tunnel establishment if the IPsec tunnel was configured to dynamically add route to the remote network. |
| COP-14142 | Error messages output by the “time -sync” command were in some failure cases not informative enough to describe the problem. |
| COP-14229 | On rare occasions, the Security Gateway could perform an unexpected restart after reconfiguring a PPTP server that used LDAP authentication. |
| COP-14249 | Configuring an IPv6 core route would always cause a configuration warning. |
| COP-14258 | Corrupt IPsec data could occasionally cause the Security Gateway to become unresponsive. Affected models: SG4300,SG4500 and Wolf Series W5. |
| COP-14263 | Traffic passing through an IPsec tunnel was sometimes incorrectly dropped if there was fragmentation of the packets. |
| COP-14419 | The DHCP Server Custom Option parameter value was possible to leave empty, but gave an error message during Save & Activate. An error message is now shown if the value is left empty when clicking Ok on the Custom Option page. |
| COP-14308 | Valid UTF-8 characters were in some logs not shown properly. |
| COP-14313 | UDP packets sent from the Security Gateway when using the ping CLI command always had the same Fragmentation ID or Identification field set. |
| COP-14317 | The output from the “time -sync” command was shown in all active CLI sessions. It will now only appear in the session where the command was executed. |
| COP-14324 | The description of the Facility parameter in the Syslog Receiver configuration object was incorrect. |
| COP-14327 | When using a routing table with the “Ordering” setting configured to “Default”, the named table was sometimes incorrectly consulted first, instead of the default routing table, during route lookup. |
| COP-14351 | The device could restart unexpectedly when Application Control was disabled on an IPRule matching active IPv6 traffic. |
| COP-14362 | The value configured for certain objects was sometimes not displayed correctly. For instance the Bits Per Second for a COM Port Device always showed a configured value of 300 despite having something else set. |
| COP-14376 | The license page did not always show the correct model information. |
| COP-14382 | There was a problem importing certificates if the certificate file contained line breaks at certain points. |
| COP-14383 | The Security Gateway would drop non-first IPv6 fragments with a length shorter than the layer 4 header. |
| COP-14384 | The Security Gateway could in rare occasions reboot unexpectedly if Anti-Virus scanning was configured. |
| COP-14387 | The message shown when trying to log in with a user with insufficient privileges was not descriptive enough. |
| COP-14395 | The Advanced TCP Setting for CC (Connection Count) option was incorrectly named “TCP Option Connection Timeout” in the WebUI. |
| COP-14399 | Web Content Filtering did not work for HTTPS when the traffic was directed to a proxy. |
| COP-14416 | Descriptions for possible values when configuring Real Time Monitor Alerts has been updated to be more descriptive. |
| COP-14418 | The Security Gateway could generate TCP packets with incorrect checksum on connections using address translation and some content inspection feature, such as, Application Control or Anti-Virus. In rare cases this could lead to stalled TCP connections. |
| COP-14425 | Descriptions for possible values when configuring Real Time Monitor Alerts were not descriptive. |
| COP-14436 | The configuration warning message “Shared IP address cannot be equal to iface IP address” was missing the name of the offending interface. |
| COP-14447 | Non pertinent information was displayed in the console command “appcontrol -show_lists”. |
| COP-14449 | Using some layer 7 features, such as, Application Control or Anti Virus, would prevent ICMP errors from being forwarded even when the service was configured to allow ICMP errors. |
| COP-14461 | Comments were not visible on folders in the WebUI address book. |
| COP-14462 | Application Control frequently failed to recognize Skype. Changes have been made to improve the classification of Skype. |
| COP-14466 | Application Control sometimes identified an application as just TCP or just UDP. |
| COP-14467 | Fragmented traffic made Application Control unable to correctly classify certain applications at times, one being bittorrent. The classification can now handle this kind of traffic better. |
| COP-14474 | DHCP Relay did not forward DHCPACK messages if they were received on port 68. |
| COP-14480 | Some scenarios with static route insertion/removal through OSPF did not work in a High Availability setup. |
| COP-14482 | Using an IP4Address object with a DNS name as Remote Endpoint for an IPsec tunnel could lead to IPsec traffic problems. |
| COP-14485 | When the date filter was not given in the format YYYY-MM-DD for the CLI command “dconsole -date=” the system printed all the logs instead of an error message. |
| COP-14496 | Some HTTP operations could under certain situations result in second long lockups. |
| COP-14513 | The WebUI Connection status page copied the source interface to the destination interface after a search filter had been applied. |
| COP-14528 | DHCP Server configured with “Relayer Filter” erroneously dropped the unicast DHCP request/renewal messages from DHCP clients. |
| COP-14542 | In rare occasions, some applications, such as Skype or RDP, could not be allowed by Application Control. |
| COP-14553 | The background colors of the row on the connection page in the Web UI were not alternating after a filter had been applied. |
| COP-14587 | Traffic using routing rules with routing tables where the “Ordering” setting was set to “Default” was sometimes routed incorrectly. |
| COP-14594 | After receiving large LSA, the OSPF module reported memory error despite having enough available memory to use. |
| COP-14604 | If the MTU of a physical interface had been decreased, it was not possible to increase it again. |
| COP-14615 | Accessing certain HTTPS sites sometimes failed if the HTTP ALG was configured to do Web Content Filtering. |
| COP-14620 | The classified value in the Application Control statistics table suffered from duplicate and premature updates. This has been fixed, so, it is normal to expect a lower rate of updates after a firmware upgrade. |
| COP-14633 | Safe Search configured together with Web Content Filtering sometimes caused system reboot. |
| COP-14660 | Unsupported ISAKMP and IPsec Security Association Attributes received during IPsec tunnel setup resulted in a failed setup even if configured attributes also were sent. |
| COP-14663 | Some rare URLs were incorrectly forbidden by the Web Content Filtering (WFC) functionality. |
| COP-14664 | The H323 ALG could in rare occasions cause a system reboot. |
| COP-14679 | ICMPv6 error message “Packet too big” was not passed through cOS Core causing traffic to be blocked in certain scenarios. |
| COP-14682 | RemoveScripts was enabled on the http-outbound HTTP ALG in default configurations. Since almost all web pages use JavaScipts today, removing scripts will greatly harm the web experience. New default configurations will now have the value set to disabled. |
| COP-14687 | In rare occasions when using Anti-Virus, error messages regarding the Security Gateway’s internal storage could be printed on the console. |
| COP-14690 | Modern browsers were not correctly identified in the Web User Interface causing a message to be displayed that an unsupported browser version was being used. |
| COP-14706 | Application Control Rules would, with certain selected applications, take longer time than necessary to parse during reconfiguration. |
| COP-14709 | A configuration error occurred when the remote endpoint of an IPsec tunnel was set to an IP4Group that only consisted of one member. |
| COP-14743 | The span for the Update Center’s Hourly setting was not correct and has been changed from 11 to 12 hours. |
| COP-14744 | When using the “Hourly” interval for Update Center the updates ran every hour despite the setting’s value. |
| COP-14753 | The blacklist -show command displayed all blacklisted and white-listed hosts. It has been updated to display a default of 20 blacklisted and white-listed hosts, or the specified number of hosts using the -num argument. |
| COP-14755 | The NAT-pool IP range setting used to accept very wide ranges (> 65535) of IPv4 addresses if such an address started at 0.0.0.0. |
| COP-14766 | Spaces in passwords were incorrectly interpreted as ‘+’-signs when using Web Authentication. |
| COP-14769 | The pcapdump -show command displayed all the captured packets. Now the pcapdump -show command displays a default of 20 packets, or the specified number of packets using the -num argument. |
| COP-14786 | The system sometimes experienced high memory consumption and sometimes rebooted due to low available memory when using IDP. |
| COP-14803 | The Anti-Virus log message ID 115 and Application Control log message ID 4 had swapped the event and the action. The log revisions have been updated for both messages. |
| COP-14805 | There was no log or notification shown when IDP scanning was disabled because of the license expiration. |
| COP-14813 | Received ICMPv6/Neighbor Advertisements containing multiple options were incorrectly interpreted by the Security Gateway. |
| COP-14818 | The console help text for the option “show” of the CLI command “license” was confusing and has been rewritten. |
| COP-14847 | Full system backup files did not include files related to SSL VPN and Application Control. |
| COP-14866 | In rare occasions, the SMTP and POP3 ALG configured with Anti-Virus did not detect malicious email attachments. |
| COP-14920 | In rare High Availability scenarios a restart of the nodes would be necessary in order to finish a configuration synchronization. |
| COP-14935 | Configured IDP pipes were not always displayed in the CLI. |
| COP-14938 | Blacklist logs sometimes showed incorrect protocol or port. |
| COP-14953 | Memory usage for SIP was displayed incorrectly. |
| COP-14959 | A DHCP server lease was not removed from the inactive HA node when the CLI command “dhcpserver -releaseip” was issued on the active node. |
| COP-14980 | PPP LCP request containing data outside the range of the length field was incorrectly dropped. |
Mikko Vartiainen
