Clavister cOS Core 11.00

Clavister har släppt version 11.00 av cOS Core. Denna version innehåller en lång rad förbättringar, nya funktioner och rättningar av mjukvarufel i tidgare versioner.

Noterbart i denna version är bland annat

  • Stöd för IPv6 i High Availability
  • Möjlighet att köra traceroute i CLI
  • En ny HTTP-ALG för att minska lasten och därmed höja möjlig throughput för inspekterad trafik

Kontakta Certezza Support vid frågor,
E-post: support@certezza.net
Telefon: 08-791 92 00

Buggfixar i cOS Core 11.00

ID Description
COP-8871 The setting ”Local Console Timeout” under ”Remote Management Settings” had an unclear name. It has now been renamed to ”SSH Idle Timeout”.
COP-10794 Log Message Exceptions ID numbers typed with leading zeroes were incorrectly changed to a different numerical value in the table.
COP-11208 Input fields for IPv4 addresses in the web user interface were too small. The text box size has now been increased.
COP-12024 The ’rules’ CLI command would in some cases output incomplete information to save screen space, even with the -verbose flag set. Its output format has been redesigned to improve readability across the board, and to never omit any information when -verbose is specified.
COP-12700 After closing an IPsec tunnel used for L2TPv3 traffic, the Security Gateway in some rare occasions rebooted unexpectedly.
COP-12721 Tab completion for CLI commands with branching options did not work correctly.
COP-12813 The titles of the Application Control Statistics in the web user interface dashboard had unclear names.
COP-13518 The pcapdump tool erroneously captured IPsec traffic when the Ethernet Address filter was used.
COP-13592 Some Application Control attributes never produced any logging output, due to problems with the underlying data type. The log system now supports more data types and logging is no-longer possible to enable for data types that cannot be logged.
COP-13656 The web user interface control for service groups incorrectly made it possible to include a group as a member of itself.
COP-13701 When using ”script -create” on a Security Gateway with global domain objects, not all global domain objects were created.
COP-13769 Configuring a static ARP or ND entry on an interface group would result in a confusing error.
COP-14039 No error message was shown when an SSL VPN interface was added and no HTTPS certificate was configured in the system.
COP-14154 Crypto accelerator statistics were missing from the SNMP MIB file.
COP-14346 The encapsulation mode property on IPsec interfaces didn’t work correctly when it was configured to use both tunnel mode and transport mode. E.g transport mode IPsec SAs could be negotiated successfully but no packets could be routed through the tunnel. The properties local/remote network and local/remote endpoint could also be configured in a way that contradicted the encapsulation mode property. The encapsulation mode option ’Both’ has been removed. A tunnel is now only allowed to be either tunnel mode or transport mode. Any configuration using the setting ’Both’ will be converted to ’Tunnel’ when upgrading. Please configure your IPsec interfaces to use either tunnel mode or transport before upgrading to make sure your IPsec interfaces still work after upgrade.
COP-14698 There was no log when an IPRule or IPPolicy was changed.
COP-14717 When the Security Gateway logged what applications were found in an Application Control Rule, the name of the corresponding IPRule was not logged.
COP-14858 When configuring the Security Gateway using the WebUI, it sometimes failed to add correct IPv6 addresses for recent versions of Mozilla Firefox. Now correct IPv6 addresses may be added to both old and recent versions of Firefox.
COP-14889 Under certain circumstances the Security Gateway would show unexpected behavior when the SIP module handled a non answered incoming call.
COP-15105 Under some circumstances, L2TPv3 tunnels could stop operating after reconfiguring the Security Gateway.
COP-15238 Under certain situations HTML Page Parameter %REDIRHOST% for WebAuth could cause the Security Gateway to render unprintable symbols in the HTTP banners.
COP-15275 The log message generated by the authentication system when a user logged in did not include configured authentication source.
COP-15302 The system could unexpectedly restart if a reconfigure failed due to configuration errors within the interface configuration.
COP-15308 IPsec SA log event details differed between High Availability nodes.
COP-15317 In some circumstances the Security Gateway needed to be restarted in order to retry a failed HTTP POSTER request.
COP-15330 Memory used by the Anti-Virus engine when inspecting compressed files was not included in the memory statistics.
COP-15337 There was a small memory leak related to POP3 email processing.
COP-15414 Not possible to get Ethernet link when forcing speed and duplex on Ethernet device. Affected models: Eagle Series E80, Wolf Series W20 and W30.
COP-15444 Time sync operations performed after startup of the system could fail continously if the time drift of the system clock was larger than the configured maximum allowed time drift. To mitigate this problem, the maximum time drift protection is not enabled for the first ten minutes after startup of the system, allowing the time synchronization procedure to correct the system time after startup even if time drift is larger than the configured maximum time drift.
COP-15587 Synchronization of ESP sequence numbers between cluster peers could during some circumstances be done with wrong sequence numbers which lead to packet loss after HA fail over.
COP-15620 Some POP3 ALG features did not work as intended for certain rare messages.
COP-15655 The system did not require that the configured local ID on an IPsec tunnel strictly matched the received remote ID on the remote tunnel endpoint.
Rulla till toppen