Clavister har släppt version 11.00 av cOS Core. Denna version innehåller en lång rad förbättringar, nya funktioner och rättningar av mjukvarufel i tidgare versioner.
Noterbart i denna version är bland annat
Kontakta Certezza Support vid frågor,
Telefon: 08-791 92 00
|The setting “Local Console Timeout” under “Remote Management Settings” had an unclear name. It has now been renamed to “SSH Idle Timeout”.
|Log Message Exceptions ID numbers typed with leading zeroes were incorrectly changed to a different numerical value in the table.
|Input fields for IPv4 addresses in the web user interface were too small. The text box size has now been increased.
|The ‘rules’ CLI command would in some cases output incomplete information to save screen space, even with the -verbose flag set. Its output format has been redesigned to improve readability across the board, and to never omit any information when -verbose is specified.
|After closing an IPsec tunnel used for L2TPv3 traffic, the Security Gateway in some rare occasions rebooted unexpectedly.
|Tab completion for CLI commands with branching options did not work correctly.
|The titles of the Application Control Statistics in the web user interface dashboard had unclear names.
|The pcapdump tool erroneously captured IPsec traffic when the Ethernet Address filter was used.
|Some Application Control attributes never produced any logging output, due to problems with the underlying data type. The log system now supports more data types and logging is no-longer possible to enable for data types that cannot be logged.
|The web user interface control for service groups incorrectly made it possible to include a group as a member of itself.
|When using “script -create” on a Security Gateway with global domain objects, not all global domain objects were created.
|Configuring a static ARP or ND entry on an interface group would result in a confusing error.
|No error message was shown when an SSL VPN interface was added and no HTTPS certificate was configured in the system.
|Crypto accelerator statistics were missing from the SNMP MIB file.
|The encapsulation mode property on IPsec interfaces didn’t work correctly when it was configured to use both tunnel mode and transport mode. E.g transport mode IPsec SAs could be negotiated successfully but no packets could be routed through the tunnel. The properties local/remote network and local/remote endpoint could also be configured in a way that contradicted the encapsulation mode property. The encapsulation mode option ‘Both’ has been removed. A tunnel is now only allowed to be either tunnel mode or transport mode. Any configuration using the setting ‘Both’ will be converted to ‘Tunnel’ when upgrading. Please configure your IPsec interfaces to use either tunnel mode or transport before upgrading to make sure your IPsec interfaces still work after upgrade.
|There was no log when an IPRule or IPPolicy was changed.
|When the Security Gateway logged what applications were found in an Application Control Rule, the name of the corresponding IPRule was not logged.
|When configuring the Security Gateway using the WebUI, it sometimes failed to add correct IPv6 addresses for recent versions of Mozilla Firefox. Now correct IPv6 addresses may be added to both old and recent versions of Firefox.
|Under certain circumstances the Security Gateway would show unexpected behavior when the SIP module handled a non answered incoming call.
|Under some circumstances, L2TPv3 tunnels could stop operating after reconfiguring the Security Gateway.
|Under certain situations HTML Page Parameter %REDIRHOST% for WebAuth could cause the Security Gateway to render unprintable symbols in the HTTP banners.
|The log message generated by the authentication system when a user logged in did not include configured authentication source.
|The system could unexpectedly restart if a reconfigure failed due to configuration errors within the interface configuration.
|IPsec SA log event details differed between High Availability nodes.
|In some circumstances the Security Gateway needed to be restarted in order to retry a failed HTTP POSTER request.
|Memory used by the Anti-Virus engine when inspecting compressed files was not included in the memory statistics.
|There was a small memory leak related to POP3 email processing.
|Not possible to get Ethernet link when forcing speed and duplex on Ethernet device. Affected models: Eagle Series E80, Wolf Series W20 and W30.
|Time sync operations performed after startup of the system could fail continously if the time drift of the system clock was larger than the configured maximum allowed time drift. To mitigate this problem, the maximum time drift protection is not enabled for the first ten minutes after startup of the system, allowing the time synchronization procedure to correct the system time after startup even if time drift is larger than the configured maximum time drift.
|Synchronization of ESP sequence numbers between cluster peers could during some circumstances be done with wrong sequence numbers which lead to packet loss after HA fail over.
|Some POP3 ALG features did not work as intended for certain rare messages.
|The system did not require that the configured local ID on an IPsec tunnel strictly matched the received remote ID on the remote tunnel endpoint.