Some new features and functionality this week:
Cookie Signing
You can now enable a new feature in your Firewall Profiles for the Web Application Firewall: Cookie Signing. This will, for each cookie set by the server, add a signature stored in another cookie, so that the WAF can check the signature on return from the client. This prevents tampering with the cookie on the client side.
Allow to choose WebAdmin/User Portal SSL certificate
At Management >> WebAdmin Settings >> HTTPS Certificate you can now choose now which certificate is used by WebAdmin and User Portal for SSL encryption. So if you have an existing CA that you would like to use for signing the certificate used by WebAdmin you can do so now.
Go to a Certificate Managment tab (which are currently available under Web Application Security, Site-to-site VPN and Remote Access, but not yet under Managment) and upload the certificate and the public key for the CA. Go to Certificates and upload the PKCS#12 container containing both. The cert should appear in the list and the CA as a verification CA under Certificate Authority.
New WebAdmin Role "Reviewer"
Besides the known Administrator and Auditor there is now a third WebAdmin user role: Reviewer. As usual you can give users this role at Management >> WebAdmin Settings >> Access Control. Reviewers are allowed to see all settings in WebAdmin (unlike the auditors which are limited to logging and reporting), but can't change anything.
This feature will also appear in ASG V7.505.
Location Based Blocking
At Network Security >> Packet Filter >> Location Based Blocking you have the possibility to block the complete traffic from and to IP addresses that are located in specific locations.
NB: This is a rather blunt instrument (which of course can produce false positives) and there is currently no possibility to define exceptions.
Fixed Issues
- [12326] Site to Site connection will not be established with sha 512 as ipsec authentication algorithm
- [12917] [UBB][7.880] email subjects with umlauts are not displayed correctly in the mail manager
- [13221] [UBB][7.900]Installer doesn't handle UTC option correctly
- [13456] [UBB][7.902] httpproxy doesn't support "single time events"
- [13485] [UBB][7.902] Site-to-site VPN Compression policy not working
- [13507] [UBB][7.903] CPU reports showing the same utilisation for both nodes
- [13552] [UBB][7.903]Logfile download usability/consistency
- [13561] [UBB][7.904] packetfilter Live Log formatting is broken
- [13564] [UBB][7.904] Logging >> View Log Files loads very slow
- [13569] [UBB][7.904] Small display problem in info in object table with IE8
- [13583] [UBB][7.904]Commtouch RBL too agressive
- [13602] [UBB][7.904]IPSec "Add Remote Gateway" fails with "VPN ID may not be empty"
- [13606] [UBB][7.904] WAF can not write audit log files (Permission denied)
Download Information
ASG ISO for Software/Virtual appliance installation:
ftp://ftp.astaro.de/pub/ASG/v8/beta/asg-7.910-10.1.iso
ISO size................: 345M (362143744 bytes)
ISO md5sum..............: e21e04e64e1e961d24d1a6b003b09d6d
ISO sha1sum.............: 691cabb4c9655f8a8dd3c81bb1bd37fac7c7e0db
SSI ISO for Hardware appliance installation:
ftp://ftp.astaro.de/pub/ASG/v8/beta/ssi-7.910-10.1.iso
ISO size................: 355M (372389888 bytes)
ISO md5sum..............: dfa5eabbe8225d811613c7acc39a9860
ISO sha1sum.............: 92ba00f7ff29a934f944683dd93d4521155709be
Up2Date package:
ftp://ftp.astaro.de/pub/ASG/v8/beta/u2d-sys-7.904-910.tgz.gpg
U2D size................: 52M (54769352 bytes)
U2D md5sum..............: 4c32fc4a6e65a1cb38290ec5c45ac589
U2D sha1sum.............: 6f5c83597647f4582bc28583d85e6aa9954d3afa
Please note that the Up2date package will also be distributed over the Up2Date server, so your ASG should usually download the package by itself.