Hi. At long last the 8.165 release. I think the lesson to be learned here is that delaying a beta release for specific problems leads to a worse beta and not a better one [:(] But now let us hit the reset button and reboot this beta [:)] Application Control changes Application matching is now done directly in HTTP proxy for traffic passing through it. This should improve the user experience by offering a real error page. If the HTTPS proxy is enabled it also enable us to do the matching on the unencrypted traffic. Also the Flow Monitor was reworked to make it simpler to use. If you have network visibility enabled you can now create application block rules and application QoS rules directly from the flow monitor. For now any rules created in this way are disabled by default. This should change until final release but some needed sanity checks (like that you should not be able to create a block rule for WebAdmin) are still missing. Departmental Reports in Web Security Reporting Under Logging & Reporting >> Web Security >> Departments you can now define departments as a set of users or a set of networks (mixing is currently not possible). You can then use these departments as filters in the Web Security Reporting to create reports by department. Allow to change MAC addresses At Interfaces & Routing >> Interfaces >> Hardware you can now set virtual MAC addresses for your NICs, i.e. overriding the vendor assigned MAC address. This can be useful e.g. for some ISPs which register the MAC address of your router and you need to fake this address if you want to replace this router with an ASG. It is possible that some NICs don't support overriding the MAC address. Simplification Some smaller changes removing choices the users rarely need to improve usability: The SNMPv3 support introduced in the last release was simplified to give the user less confusing choices. For the SNMP server the algorithms for authentication (SHA) and encryption (AES) are now hard coded, and the password entered is automatically used for authentication and encryption. For traps the options remain since you might need to adapt the settings to your trap sink. The Cookie Signing feature of Web Application Firewall now always drops unsigned/invalid cookies instead of rejecting the complete request, i.e. this newly introduced behavior is now always used instead of being optional. Other changes In the user list at Definitions & Users >> Users & Groups >> Users you can now view and edit the user defined black and white lists for SMTP/POP3 proxy. (This was already in 8.164, but I forgot to mention it in the annoucement) A number of issues were fixed when handling user names containing non-ASCII characters coming from external directories (e.g. Active Directory). Communication between the IPS daemon and the kernel should be more efficient now. In our benchmarks this leads to a performance increase in IPS throughput for high bandwiths. The DHCP client was replaced (from dhcpcd to ISC dhclient). This should have no user visible impact right now, but should make it easier in the future to add features like IPv6 support. Fixed Issues [11998] Default src addr parameter not working for S2S IPv6 routes [14820] Virus uploads don't get blocked if XSS or SQL Injection filter (mod_security) is enabled [15654] [UBB][8.050]Packets mislabeled as connections in reporting [16206] [AUA] AD groups containing utf8 characters are not returned when using test authentication [16431] PGP Inline encrypted Emails arrive with emtpy body at the mail-client [16880] WAF logfile does not show block reason for "XSS Filter" or "SQL Injection Filter" [16946] [UBB][8.160] boot splash copyright year still 2010 [16956] [UBB][8.160] Segfault in AV scan module, ctx->filename == NULL in mod_avscan_check_file_single_part() [16996] [UBB][8.160] logmanagement webadmin improvements [17644] [UBB][8.162] Form hardening blocks pages with query parameters [17729] [UBB][8.163] wrong sort order of IP-addresses in DNS->Static Entries [17775] [UBB][8.164] Bridging: allow IPv6 pass through option [17779] [UBB][8.164] Management>Notification cosmetic [17783] [UBB][8.164] astaro old address in EULA [17784] [UBB][8.164] misc SNMPv3 glitches [17787] [UBB][8.164] typo loadbalancing [17866] [UBB][8.164] random reboots due to kernel oops [17873] [UBB][8.164] Proxy Profile - Authentication type for transparent mode [17874] [UBB][8.164] Can't locate object method "Address" via package modules::Set [17889] [UBB][8.164] editing Service definition Download Information ASG ISO for Software/Virtual appliance installation: ftp://ftp.astaro.de/pub/ASG/v8/beta/asg-8.165-22.1.iso ISO size................: 514M (538658816 bytes) ISO md5sum..............: 64f9567ccebf277c5717109fffe5c5e8 ISO sha1sum.............: 46120ce003a3c6ca445afc611012145960bd57cd SSI ISO for Hardware appliance installation: ftp://ftp.astaro.de/pub/ASG/v8/beta/ssi-8.165-22.1.iso ISO size................: 515M (539920384 bytes) ISO md5sum..............: ca5a5d12695bae8df3b584d2ada1f928 ISO sha1sum.............: 86409c88a0982c25ce8f45110f87c7080214923f Up2Date package: ftp://ftp.astaro.de/pub/ASG/v8/beta/u2d-sys-8.164-165.tgz.gpg U2D size................: 103M (108527097 bytes) U2D md5sum..............: 1a4f93e43b400a7453b1524cef36f55a U2D sha1sum.............: 0cafb4a458006a8dbfce246177048e9739bf0f8c Please note that the Up2date package will also be distributed over the Up2Date server, so your ASG should usually download the package by itself.

Beta Release 8.165: Release and Download Information

Hi.

At long last the 8.165 release. I think the lesson to be learned here is that delaying a beta release for specific problems leads to a worse beta and not a better one [:(]

But now let us hit the reset button and reboot this beta [:)]

Application Control changes

Application matching is now done directly in HTTP proxy for traffic passing through it. This should improve the user experience by offering a real error page. If the HTTPS proxy is enabled it also enable us to do the matching on the unencrypted traffic.

Also the Flow Monitor was reworked to make it simpler to use. If you have network visibility enabled you can now create application block rules and application QoS rules directly from the flow monitor. For now any rules created in this way are disabled by default.
This should change until final release but some needed sanity checks (like that you should not be able to create a block rule for WebAdmin) are still missing.

Departmental Reports in Web Security Reporting

Under Logging & Reporting >> Web Security >> Departments you can now define departments as a set of users or a set of networks (mixing is currently not possible).

You can then use these departments as filters in the Web Security Reporting to create reports by department.

Allow to change MAC addresses

At Interfaces & Routing >> Interfaces >> Hardware you can now set virtual MAC addresses for your NICs, i.e. overriding the vendor assigned MAC address. This can be useful e.g. for some ISPs which register the MAC address of your router and you need to
fake this address if you want to replace this router with an ASG.

It is possible that some NICs don't support overriding the MAC address.

Simplification

Some smaller changes removing choices the users rarely need to improve usability:

The SNMPv3 support introduced in the last release was simplified to give the user less confusing choices. For the SNMP server the algorithms for authentication (SHA) and encryption (AES) are now hard coded, and the password entered is automatically used for authentication and encryption. For traps the options remain since you might need to adapt the settings to your trap sink.
The Cookie Signing feature of Web Application Firewall now always drops unsigned/invalid cookies instead of rejecting the complete request, i.e. this newly introduced behavior is now always used instead of being optional.

Other changes

In the user list at Definitions & Users >> Users & Groups >> Users you can now view and edit the user defined black and white lists for SMTP/POP3 proxy. (This was already in 8.164, but I forgot to mention it in the annoucement)
A number of issues were fixed when handling user names containing non-ASCII characters coming from external directories (e.g. Active Directory).
Communication between the IPS daemon and the kernel should be more efficient now. In our benchmarks this leads to a performance increase in IPS throughput for high bandwiths.
The DHCP client was replaced (from dhcpcd to ISC dhclient). This should have no user visible impact right now, but should make it easier in the future to add features like IPv6 support.

Fixed Issues

[11998] Default src addr parameter not working for S2S IPv6 routes
[14820] Virus uploads don't get blocked if XSS or SQL Injection filter (mod_security) is enabled
[15654] [UBB][8.050]Packets mislabeled as connections in reporting
[16206] [AUA] AD groups containing utf8 characters are not returned when using test authentication
[16431] PGP Inline encrypted Emails arrive with emtpy body at the mail-client
[16880] WAF logfile does not show block reason for "XSS Filter" or "SQL Injection Filter"
[16946] [UBB][8.160] boot splash copyright year still 2010
[16956] [UBB][8.160] Segfault in AV scan module, ctx->filename == NULL in mod_avscan_check_file_single_part()
[16996] [UBB][8.160] logmanagement webadmin improvements
[17644] [UBB][8.162] Form hardening blocks pages with query parameters
[17729] [UBB][8.163] wrong sort order of IP-addresses in DNS->Static Entries
[17775] [UBB][8.164] Bridging: allow IPv6 pass through option
[17779] [UBB][8.164] Management>Notification cosmetic
[17783] [UBB][8.164] astaro old address in EULA
[17784] [UBB][8.164] misc SNMPv3 glitches
[17787] [UBB][8.164] typo loadbalancing
[17866] [UBB][8.164] random reboots due to kernel oops
[17873] [UBB][8.164] Proxy Profile - Authentication type for transparent mode
[17874] [UBB][8.164] Can't locate object method "Address" via package modules::Set
[17889] [UBB][8.164] editing Service definition

Download Information

ASG ISO for Software/Virtual appliance installation:
ftp://ftp.astaro.de/pub/ASG/v8/beta/asg-8.165-22.1.iso
  ISO size................: 514M (538658816 bytes)
  ISO md5sum..............: 64f9567ccebf277c5717109fffe5c5e8
  ISO sha1sum.............: 46120ce003a3c6ca445afc611012145960bd57cd

SSI ISO for Hardware appliance installation:
ftp://ftp.astaro.de/pub/ASG/v8/beta/ssi-8.165-22.1.iso
  ISO size................: 515M (539920384 bytes)
  ISO md5sum..............: ca5a5d12695bae8df3b584d2ada1f928
  ISO sha1sum.............: 86409c88a0982c25ce8f45110f87c7080214923f

Up2Date package:
ftp://ftp.astaro.de/pub/ASG/v8/beta/u2d-sys-8.164-165.tgz.gpg
  U2D size................: 103M (108527097 bytes)
  U2D md5sum..............: 1a4f93e43b400a7453b1524cef36f55a
  U2D sha1sum.............: 0cafb4a458006a8dbfce246177048e9739bf0f8c

Please note that the Up2date package will also be distributed over the
Up2Date server, so your ASG should usually download the package by itself.

Parents

0 wingman over 13 years ago

So far no reboots [:D]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 eclipse79oldacct over 13 years ago in reply to wingman

I have not installed any beta version, but I'm curious to know if local cf is managed with GUI (not in easter egg format [:)] )
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 eclipse79oldacct over 13 years ago in reply to wingman

I have not installed any beta version, but I'm curious to know if local cf is managed with GUI (not in easter egg format [:)] )
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data