Jcoffin at 20:30, 21 August 2024

2024-08-21T20:30:19Z

← Older revision		Revision as of 20:30, 21 August 2024
Line 45:		Line 45:
	* Removed ping probes from IPsec and WireGuard VPN tunnels with roaming remote endpoints		* Removed ping probes from IPsec and WireGuard VPN tunnels with roaming remote endpoints
	* Removed Auth Type column in specific Captive Portal reports in cases where this datapoint is not valid		* Removed Auth Type column in specific Captive Portal reports in cases where this datapoint is not valid
			* Removed skins. On upgrade, custom skins will be reverted to default skin.
	* Increased the high memory threshold in IPS from 2 GB to 4 GB		* Increased the high memory threshold in IPS from 2 GB to 4 GB

Bcarmichael: Created page with "= 17.2 = NG Firewall version 17.2 includes a variety of small enhancements, user interface sanity checks, bug fixes, security updates, and general housekeeping. Note: This release requires a reboot. === Feature enhancements, additions, and user interface updates === * Added MAC vendor field to the Interfaces screen * Added daily maintenance of the email queue to prevent excessive buildup up of messages * Added support for wildcards in the email quarantine address fiel..."

2024-08-21T14:31:08Z

Created page with "= 17.2 = NG Firewall version 17.2 includes a variety of small enhancements, user interface sanity checks, bug fixes, security updates, and general housekeeping. Note: This release requires a reboot. === Feature enhancements, additions, and user interface updates === * Added MAC vendor field to the Interfaces screen * Added daily maintenance of the email queue to prevent excessive buildup up of messages * Added support for wildcards in the email quarantine address fiel..."

New page

= 17.2 =

NG Firewall version 17.2 includes a variety of small enhancements, user interface sanity checks, bug fixes, security updates, and general housekeeping.

Note: This release requires a reboot.

=== Feature enhancements, additions, and user interface updates ===
* Added MAC vendor field to the Interfaces screen
* Added daily maintenance of the email queue to prevent excessive buildup up of messages
* Added support for wildcards in the email quarantine address field
* Added checks to prevent upgrades if disk space is insufficient
* Added ability to configure multiple remote syslog servers
* Added human readable formatting of data transfer rates in related grids and reports
* Added searching by tags in Hosts, Devices, and Sessions screens
* Added ability to query more than 1000 users in Microsoft Active Directory and Entra ID
* Added WireGuard VPN interfaces to OSPF interface override feature
* Added mapping of WireGuard VPN tunnel description to username field in users screen to associate WireGuard VPN tunnels to named users
* Added warning message to WireGuard VPN screen after making general settings changes and there are existing tunnels which require updates
* Added sanity checks to prevent conflicting ID or IP configuration of VLAN interfaces
* Added sanity checks to prevent conflicting IP peers and subnets of WireGuard VPN tunnels
* Added sanity checks to prevent invalid characters in interface names Improved DNS query handling so that requests are always forwarded using the corresponding WAN interface
* Improved handling of licensed features during temporary outages to the license service
* Improved UI field input validations across all related screens
* Improved validation of imported data across all related grids
* Improved wording in OpenVPN client download screen
* Improved copy function in WireGuard tunnels to omit unique data
* Improved user navigation in offline setup wizard
* Improved Web Filter rules to no longer require flagging

=== General updates and other maintenance ===
* Updated Geo-IP database
* Updated IPS signature database
* Updated multiple libraries used by the logging facilities and web services
* Updated EULA in all affected screens
* Updated the feedback link in the navigation menu
* Replaced Quagga with FRR for Dynamic Routing features
* Replaced keep-alive modules with FRR for VRRP when using dynamic routing
* Removed option to upload custom scripts from Captive Portal
* Removed option to import current users
* Removed option to import current devices
* Removed Facebook from Captive Portal authentication options
* Removed invalid URL reference in IPS screen
* Removed community languages
* Removed the option to configure Cloud Hosted Relay in the Email screen
* Removed ping probes from IPsec and WireGuard VPN tunnels with roaming remote endpoints
* Removed Auth Type column in specific Captive Portal reports in cases where this datapoint is not valid
* Increased the high memory threshold in IPS from 2 GB to 4 GB

=== Bug fixes ===
* Fixed booting and installation issue with EEE and Realtek adapters
* Fixed “synchronize time” button that caused indefinite loading screen
* Fixed UI issue with DHCP server settings not rendering when DHCP is disabled on the corresponding interface
* Fixed UI error when setting conflicting remote address in OpenVPN clients tab
* Fixed UI layout issues in Syslog screen
* Fixed UI error when performing a lookup of the vendor by MAC address on the Networks screen
* Fixed TunnelVPN screen where the Done button was not enabled in some situations
* Fixed issue with recent Web Filter categories not populating in reports
* Fixed filtering by “Last Seen Time” field in grids
* Fixed upgrade failures on systems with a floppy drive
* Fixed kernel panic under specific bypass configuration for IPS
* Fixed issue with Q4 appliance not showing the serial number in About screen
* Fixed UI scrolling issues on screens with large data sets
* Fixed issue with backup recovery not restoring the custom icon from Branding Manager app
* Fixed upgrade failure caused by L2TP address field malformatting.
* Fixed network settings update could not be performed after duplicate values entered to DHCP Server screen
* Fixed loading of offline setup wizard when a default admin password exists
* Fixed UI issue where duplicate routes in the Routes screen were not removed which prevented the ability to save
* Fixed Bandwidth Control app was not starting QoS if QoS was previous disabled
* Fixed “is not” operator was not working for protocol based conditions and IP ranges
* Fixed “glob” matcher was not working for MAC addresses
* Fixed rules not working with conditions using a range in descending order (e.g. 192.168.1.200 - 192.168.1.100)
* Fixed error loading Apps screen after installation
* Fixed invalid formatting of date fields after setting the Web UI to Japanese language
* Fixed safe search enforcement on Yahoo search engine
* Fixed safe search when using Youtube retry option
* Fixed error when assigning online access to Reports users
* Fixed system logs which did not include some logs due to prior directory structure changes
* Fixed issue with uploaded SSL certificates not working due to trailing spaces or extra line feeds in the certificate file
* Fixed issue with WireGuard VPN tunnel copy button not functional when many networks exist in the configuration
* Fixed issue with OpenVPN client profiles not including secondary WANs when added after the app was installed
* Fixed Web Filter was not blocking web searches which included the “$” character
* Fixed group membership was not working when failing over to a secondary Microsoft Active Directory server
* Fixed Virus Blocker reports not pulling the correct data for FTP based sessions
* Fixed IPS not starting with specific network settings having null values
* Fixed Threat Prevention causing network performance issues with network devices using Anydesk software
* Fixed error when trying to delete a Policy which has installed apps
* Fixed error trying to download reports which use charts or graphs
* Fixed issue with WireGuard VPN that allowed new tunnels after the peer IP address pool was exhausted
* Fixed issue deleting custom reports which contained invalid settings
* Fixed typo in Firewall app events Summary field
* Fixed error when local interface configuration conflicted with the WireGuard VPN address pool
* Fixed static routes not populating on PPPoE interfaces after re-authentication
* Fixed OpenVPN tunnels were not disconnecting after disabling the tunnel

=== Security updates ===
* Improved security handling for various types of SQL injection attacks
* Improved security handling for tokens used by remote access feature
* Improved security handling for local account passwords
* Improved security handling of uploaded backup files to prevent man in the middle attacks
* Improved sanity checking and handling of various UI inputs to prevent execution of arbitrary code
* Patched vulnerability in Glibc library when using Chinese character encoding CVE-2024-2961
* Patched vulnerability in Linux kernel module Netfilter CVE-2023-32233

17.2 Changelog - Revision history

Jcoffin at 20:30, 21 August 2024