Clavister cOS Core 10.22.02


Clavister har släppt en uppdaterad version av cOS Core 10.22 som innehåller ett stort antal buggfixar, samt förbättringar gällande konsolen vid virtualiserade installationer.

Kontakta Certezza Support vid frågor,
Telefon: 08-791 92 00

Buggfixar i cOS Core 10.22.02

COP-2592The VLAN CLI command did not show virtual routing (PBR membership) information.
COP-8040When configuring the Security Gateway to clear the TCP URG flag, the corresponding non-zero TCP Urgent pointer was not cleared.
COP-10795When using High Availability, the private IP address was used as the responder IP for traceroute. Now the shared IP address is used.
COP-12700After closing an IPsec tunnel used for L2TPv3 traffic, the Security Gateway in some rare occasions rebooted unexpectedly.
COP-13505The values for Private Router IDs on an OSPF process did not follow the setting the OSPFProcess object.
COP-13518The pcapdump tool erroneously captured IPsec traffic when the Ethernet Address filter was used.
COP-13572Non printable characters were sent in raw code to log receivers.
COP-13701When using “script -create” on a Security Gateway with global domain objects, not all global domain objects were created.
COP-13779Anti-virus scanning of certain types of zip-files could in rare occasions lead to an unexpected restart.
COP-14383The Security Gateway would drop non-first IPv6 fragments with a length shorter than the layer 4 header.
COP-14427Application Control did not identify all Netflix traffic as Netflix.
COP-14583If SSH remote management was configured for a specific interface, the SSH server could only be accessed using the core IP address for that specific interface. This fix changes the behavior of SSH remote management to allow access from an interface using any core IP address, consistent with how HTTP remote management works.
COP-14698There was no log when an IPRule or IPPolicy was changed.
COP-14850There was no notification message in the WebUI in the event that the IDP subscription had expired.
COP-14858When adding IPv6 address ranges in the Web User Interface, the validation sometimes failed even if the IPv6 range was correct.
COP-14889Under certain circumstances the Security Gateway would show unexpected behavior when the SIP module handled a non answered incoming call.
COP-14901Traffic over the L2TP/IPsec server could halt when the L2TP client’s IP address was changed.
COP-14916IKE rekey negotiations could fail if the Userauth rule was configured to allow only one simultaneous user.
COP-14930Traffic allowed by forward fast rules going into an IPsec tunnel was sometimes interrupted if hardware acceleration was used.
COP-14980PPP LCP request containing data outside the range of the length field was incorrectly dropped.
COP-14987It was not possible to open an outbound connection when using SAT or SLB together with NAT through an IPsec tunnel if such tunnel had manually specified the address that corresponds to the local net. This was only a problem when using High Availability.
COP-15069RADIUS attributes “acct-input-gigawords” and “acct-output-gigawords” were not included in the statistics messages when their values were zero.
COP-15073The HTTP-ALG truncated long blacklist/whitelist filter URLs to 63 characters without a warning, creating an invalid filter matching nothing. Now there is a configuration warning that too long filters will be truncated.
COP-15075Some log messages did not correctly display the access_level for some users.
COP-15082IPsec tunnels with remote endpoint configured with a DNS name could take 5 minutes to establish after a fail over in a high availability setup. The problem occurred when using addresses not publicly routable as the private IPs. Now this DNS information is synced to the inactive node to keep both peers correctly up to date.
COP-15086The output of the CLI command “buffers -recent” and the output of pcapdump when displaying the packets in the CLI were incorrect for IPv6 packets with extension headers.
COP-15088The fragment IDs in packets were displayed in the wrong byte order on certain Security Gateway models.
COP-15105Under some circumstances, L2TPv3 tunnels could stop operating after reconfiguring the Security Gateway.
COP-15151Having two OSPF “point-to-multipoint” interfaces to the same neighbor would result in incorrect routing.
COP-15174IPsec tunnels from IPsec clients using long Remote Identities were not correctly synced to the inactive High Availability node.
COP-15179In rare occasions the Security Gateway could make an unexpected restart when releasing DHCP-leases for an IP-Pool if the leases had not yet been populated.
COP-15186The system sometimes malfunctioned when issuing shutdown if ongoing IPsec negotiations existed.
COP-15203The lowest configured DH group for PFS was always used when initiating an IPsec rekey instead of the first configured.
COP-15238Under certain situations the HTML Page Parameter %REDIRHOST% for WebAuth could cause the Security Gateway to render unprintable symbols in the HTTP banners.
COP-15275The log message generated by the authentication system when a user logged in did not include configured authentication source.
COP-15286Specifying an OSPF reference bandwidth larger than ~4Gbps sometimes resulted in unexpected reconfiguration errors.
COP-15302The system could unexpectedly restart if a reconfigure failed due to configuration errors within the interface configuration.
COP-15308IPsec SA log event details differed between High Availability nodes.
COP-15317In some circumstances the Security Gateway needed to be restarted in order to retry a failed HTTP POSTER request.
COP-15330Memory used by the Anti-Virus engine when inspecting compressed files was not included in the memory statistics.
COP-15337There was a small memory leak related to POP3 email processing.
COP-15402Certain web pages were not shown correctly in the web browser when the HTTP ALG was used with Anti-Virus scanning and the web server sent the data using chunked encoding.
COP-15414Not possible to get Ethernet link when forcing speed and duplex on Ethernet device. Affected models: Eagle Series E80, Wolf Series W20 and W30.
COP-15433The parameter “size” for the console’s command “selftest -burnin” was not shown when using the tab completion.
COP-15444Time sync operations performed after startup of the system could fail continously if the time drift of the system clock was larger than the configured maximum allowed time drift. To mitigate this problem, the maximum time drift protection is not enabled for the first ten minutes after startup of the system, allowing the time synchronization procedure to correct the system time after startup even if time drift is larger than the configured maximum time drift.
COP-15497The system did not report a “bad_user_credentials” log (ID 03700104) for login attempts with incorrect credentials for L2TP, PPTP or SSLVPN tunnels.
COP-15587Synchronization of ESP sequence numbers between cluster peers could during some circumstances be done with wrong sequence numbers which lead to packet loss after HA fail over.
COP-15608Memory used by the system when compressing or decompressing data was not included in the memory statistics.
COP-15620Some POP3 ALG features did not work as intended for certain rare messages.
COP-15626Trial subscription date properties in the Web UI license page were displayed as “N/A” when not present. Now they are not displayed at all.
COP-15753In some rare cases it was impossible to access the Web Interface if the primary RADIUS authentication server was non-responsive.
COP-15763SSH Remote Access users could in some rare scenarios gain higher privileges than intended.
COP-15767The IPsec Remote Identity was not always synced correctly to the inactive High Availability node during IPsec tunnel setup.