17.3 Changelog: Difference between revisions
From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
Bcarmichael (talk | contribs) |
Bcarmichael (talk | contribs) (→17.3) |
||
| Line 40: | Line 40: | ||
=== Important Notice === | === Important Notice === | ||
This release includes an updated cipher configuration with OpenVPN to comply with the latest security requirements. If you use the OpenVPN feature, we strongly recommend upgrading your OpenVPN clients to the current release version prior to upgrading NG Firewall. | This release includes an updated cipher configuration with OpenVPN to comply with the latest security requirements. If you use the OpenVPN feature, we strongly recommend upgrading your OpenVPN clients to the current release version prior to upgrading NG Firewall. | ||
== 17.3.1 == | |||
This patch release addresses the following issues: | |||
* Bypass option in IPsec tunnels was not functional after upgrade to 17.3.0. | |||
* OpenVPN was not adding a secondary WAN to profiles. | |||
* Secondary PPPoE links were not connecting. | |||
* Java exception when exporting custom reports | |||
* Installation error when attempting to re-install on Q4 hardware. | |||
Latest revision as of 15:37, 1 April 2025
17.3
NG Firewall version 17.3 includes minor enhancements, bug fixes, and security updates.
General updates and enhancements
- Re-enabled Google Drive connector for automatic reports sync to Google Drive
- Updated ClamAV to LTS version
- Updated Webroot Brightcloud plugin
- Updated the root certificate store used by the system for SSL connections
- Added option to automatically remove devices from the device list after a defined period of inactivity
- Added option to automatically map Wireguard profile description as a username of the authenticated device
- Added option to define search domains to Wireguard profiles
- Added hard disk health check prior to upgrades
- Consolidated SNI extraction used by multiple apps to optimize performance of HTTPS filtering
Bug fixes
- Fixed WireGuard Interfaces not visible in rules for Cloud Appliances
- Fixed WireGuard access rule not added for Cloud Appliances
- Fixed Active Directory user and group names were not populating in rule dropdown list
- Fixed Google authentication failed if SSL inspection was enabled for all traffic
- Fixed WAN Failover not working with static IP configurations
- Fixed Apps could change to Invalid state in specific situations of license reassignment
- Fixed IPsec routes could become invalid in specific situations during upgrades or restarts
- Fixed Reporting data was missing events on systems under heavy load
- Fixed QoS value of 0 could cause instability and failure to start after upgrade
- Fixed IPsec Xauth sessions were implicitly NAT'd for local traffic
- Fixed Policy Manager session switching events were set to info, causing high disk usage on busy systems
- Fixed Kernel events were unnecessarily duplicated to syslog
Security updates
- Patched CVE-2024-47175 with updated libraries
- Added encryption of keys and passwords to exported data for specific screens that support export
- WPA password in WiFi configuration was not hidden in web administration
- Added sanitization of import function on multiple screens
Other changes
- Removed UPnP and associated access rule due to security implications
- Removed EU version of NGFW installer
Important Notice
This release includes an updated cipher configuration with OpenVPN to comply with the latest security requirements. If you use the OpenVPN feature, we strongly recommend upgrading your OpenVPN clients to the current release version prior to upgrading NG Firewall.
17.3.1
This patch release addresses the following issues:
- Bypass option in IPsec tunnels was not functional after upgrade to 17.3.0.
- OpenVPN was not adding a secondary WAN to profiles.
- Secondary PPPoE links were not connecting.
- Java exception when exporting custom reports
- Installation error when attempting to re-install on Q4 hardware.
