Clavister cOS Core 11.00


Clavister har släppt version 11.00 av cOS Core. Denna version innehåller en lång rad förbättringar, nya funktioner och rättningar av mjukvarufel i tidgare versioner.

Noterbart i denna version är bland annat

  • Stöd för IPv6 i High Availability
  • Möjlighet att köra traceroute i CLI
  • En ny HTTP-ALG för att minska lasten och därmed höja möjlig throughput för inspekterad trafik

Kontakta Certezza Support vid frågor,
Telefon: 08-791 92 00

Buggfixar i cOS Core 11.00

COP-8871The setting “Local Console Timeout” under “Remote Management Settings” had an unclear name. It has now been renamed to “SSH Idle Timeout”.
COP-10794Log Message Exceptions ID numbers typed with leading zeroes were incorrectly changed to a different numerical value in the table.
COP-11208Input fields for IPv4 addresses in the web user interface were too small. The text box size has now been increased.
COP-12024The ‘rules’ CLI command would in some cases output incomplete information to save screen space, even with the -verbose flag set. Its output format has been redesigned to improve readability across the board, and to never omit any information when -verbose is specified.
COP-12700After closing an IPsec tunnel used for L2TPv3 traffic, the Security Gateway in some rare occasions rebooted unexpectedly.
COP-12721Tab completion for CLI commands with branching options did not work correctly.
COP-12813The titles of the Application Control Statistics in the web user interface dashboard had unclear names.
COP-13518The pcapdump tool erroneously captured IPsec traffic when the Ethernet Address filter was used.
COP-13592Some Application Control attributes never produced any logging output, due to problems with the underlying data type. The log system now supports more data types and logging is no-longer possible to enable for data types that cannot be logged.
COP-13656The web user interface control for service groups incorrectly made it possible to include a group as a member of itself.
COP-13701When using “script -create” on a Security Gateway with global domain objects, not all global domain objects were created.
COP-13769Configuring a static ARP or ND entry on an interface group would result in a confusing error.
COP-14039No error message was shown when an SSL VPN interface was added and no HTTPS certificate was configured in the system.
COP-14154Crypto accelerator statistics were missing from the SNMP MIB file.
COP-14346The encapsulation mode property on IPsec interfaces didn’t work correctly when it was configured to use both tunnel mode and transport mode. E.g transport mode IPsec SAs could be negotiated successfully but no packets could be routed through the tunnel. The properties local/remote network and local/remote endpoint could also be configured in a way that contradicted the encapsulation mode property. The encapsulation mode option ‘Both’ has been removed. A tunnel is now only allowed to be either tunnel mode or transport mode. Any configuration using the setting ‘Both’ will be converted to ‘Tunnel’ when upgrading. Please configure your IPsec interfaces to use either tunnel mode or transport before upgrading to make sure your IPsec interfaces still work after upgrade.
COP-14698There was no log when an IPRule or IPPolicy was changed.
COP-14717When the Security Gateway logged what applications were found in an Application Control Rule, the name of the corresponding IPRule was not logged.
COP-14858When configuring the Security Gateway using the WebUI, it sometimes failed to add correct IPv6 addresses for recent versions of Mozilla Firefox. Now correct IPv6 addresses may be added to both old and recent versions of Firefox.
COP-14889Under certain circumstances the Security Gateway would show unexpected behavior when the SIP module handled a non answered incoming call.
COP-15105Under some circumstances, L2TPv3 tunnels could stop operating after reconfiguring the Security Gateway.
COP-15238Under certain situations HTML Page Parameter %REDIRHOST% for WebAuth could cause the Security Gateway to render unprintable symbols in the HTTP banners.
COP-15275The log message generated by the authentication system when a user logged in did not include configured authentication source.
COP-15302The system could unexpectedly restart if a reconfigure failed due to configuration errors within the interface configuration.
COP-15308IPsec SA log event details differed between High Availability nodes.
COP-15317In some circumstances the Security Gateway needed to be restarted in order to retry a failed HTTP POSTER request.
COP-15330Memory used by the Anti-Virus engine when inspecting compressed files was not included in the memory statistics.
COP-15337There was a small memory leak related to POP3 email processing.
COP-15414Not possible to get Ethernet link when forcing speed and duplex on Ethernet device. Affected models: Eagle Series E80, Wolf Series W20 and W30.
COP-15444Time sync operations performed after startup of the system could fail continously if the time drift of the system clock was larger than the configured maximum allowed time drift. To mitigate this problem, the maximum time drift protection is not enabled for the first ten minutes after startup of the system, allowing the time synchronization procedure to correct the system time after startup even if time drift is larger than the configured maximum time drift.
COP-15587Synchronization of ESP sequence numbers between cluster peers could during some circumstances be done with wrong sequence numbers which lead to packet loss after HA fail over.
COP-15620Some POP3 ALG features did not work as intended for certain rare messages.
COP-15655The system did not require that the configured local ID on an IPsec tunnel strictly matched the received remote ID on the remote tunnel endpoint.