17.2 Changelog

From Edge Threat Management Wiki - Arista
Revision as of 20:30, 21 August 2024 by Jcoffin (talk | contribs)

17.2

NG Firewall version 17.2 includes a variety of small enhancements, user interface sanity checks, bug fixes, security updates, and general housekeeping.

Note: This release requires a reboot.

Feature enhancements, additions, and user interface updates

  • Added MAC vendor field to the Interfaces screen
  • Added daily maintenance of the email queue to prevent excessive buildup of messages
  • Added support for wildcards in the email quarantine address field
  • Added checks to prevent upgrades if disk space is insufficient
  • Added ability to configure multiple remote syslog servers
  • Added human-readable formatting of data transfer rates in related grids and reports
  • Added searching by tags in Hosts, Devices, and Sessions screens
  • Added ability to query more than 1000 users in Microsoft Active Directory and Entra ID
  • Added WireGuard VPN interfaces to OSPF interface override feature
  • Added mapping of WireGuard VPN tunnel description to username field in users screen to associate WireGuard VPN tunnels to named users
  • Added warning message to WireGuard VPN screen when general settings are changed and existing tunnels require updates
  • Added sanity checks to prevent conflicting ID or IP configuration of VLAN interfaces
  • Added sanity checks to prevent conflicting IP peers and subnets of WireGuard VPN tunnels
  • Added sanity checks to prevent invalid characters in interface names
  • Improved DNS query handling so that requests are always forwarded using the corresponding WAN interface
  • Improved handling of licensed features during temporary outages to the license service
  • Improved UI field input validations across all related screens
  • Improved validation of imported data across all related grids
  • Improved wording in OpenVPN client download screen
  • Improved copy function in WireGuard tunnels to omit unique data
  • Improved user navigation in offline setup wizard
  • Improved Web Filter rules to no longer require flagging

General updates and other maintenance

  • Updated Geo-IP database
  • Updated IPS signature database
  • Updated multiple libraries used by the logging facilities and web services
  • Updated EULA in all affected screens
  • Updated the feedback link in the navigation menu
  • Replaced Quagga with FRR for Dynamic Routing features
  • Replaced keep-alive modules with FRR for VRRP when using dynamic routing
  • Removed option to upload custom scripts from Captive Portal
  • Removed option to import current users
  • Removed option to import current devices
  • Removed Facebook from Captive Portal authentication options
  • Removed invalid URL reference in IPS screen
  • Removed community languages
  • Removed the option to configure Cloud Hosted Relay in the Email screen
  • Removed ping probes from IPsec and WireGuard VPN tunnels with roaming remote endpoints
  • Removed Auth Type column in specific Captive Portal reports in cases where this datapoint is not valid
  • Removed skins. On upgrade, custom skins will be reverted to default skin.
  • Increased the high memory threshold in IPS from 2 GB to 4 GB

Bug fixes

  • Fixed booting and installation issue with EEE and Realtek adapters
  • Fixed “synchronize time” button that caused indefinite loading screen
  • Fixed UI issue with DHCP server settings not rendering when DHCP is disabled on the corresponding interface
  • Fixed UI error when setting conflicting remote address in OpenVPN clients tab
  • Fixed UI layout issues in Syslog screen
  • Fixed UI error when performing a lookup of the vendor by MAC address on the Networks screen
  • Fixed TunnelVPN screen where the Done button was not enabled in some situations
  • Fixed issue with recent Web Filter categories not populating in reports
  • Fixed filtering by “Last Seen Time” field in grids
  • Fixed upgrade failures on systems with a floppy drive
  • Fixed kernel panic under specific bypass configuration for IPS
  • Fixed issue with Q4 appliance not showing the serial number in About screen
  • Fixed UI scrolling issues on screens with large data sets
  • Fixed issue with backup recovery not restoring the custom icon from Branding Manager app
  • Fixed upgrade failure caused by L2TP address field malformatting
  • Fixed issue where a network settings update could not be performed after duplicate values were entered in the DHCP Server screen
  • Fixed loading of offline setup wizard when a default admin password exists
  • Fixed UI issue where duplicate routes in the Routes screen were not removed, which prevented saving
  • Fixed Bandwidth Control app not starting QoS if QoS was previously disabled
  • Fixed “is not” operator was not working for protocol based conditions and IP ranges
  • Fixed “glob” matcher was not working for MAC addresses
  • Fixed rules not working with conditions using a range in descending order (e.g. 192.168.1.200 - 192.168.1.100)
  • Fixed error loading Apps screen after installation
  • Fixed invalid formatting of date fields after setting the Web UI to Japanese language
  • Fixed safe search enforcement on Yahoo search engine
  • Fixed safe search when using YouTube retry option
  • Fixed error when assigning online access to Reports users
  • Fixed system logs which did not include some logs due to prior directory structure changes
  • Fixed issue with uploaded SSL certificates not working due to trailing spaces or extra line feeds in the certificate file
  • Fixed issue with WireGuard VPN tunnel copy button not functional when many networks exist in the configuration
  • Fixed issue with OpenVPN client profiles not including secondary WANs when added after the app was installed
  • Fixed Web Filter was not blocking web searches which included the “$” character
  • Fixed group membership was not working when failing over to a secondary Microsoft Active Directory server
  • Fixed Virus Blocker reports not pulling the correct data for FTP based sessions
  • Fixed IPS not starting with specific network settings having null values
  • Fixed Threat Prevention causing network performance issues with network devices using AnyDesk software
  • Fixed error when trying to delete a Policy which has installed apps
  • Fixed error trying to download reports which use charts or graphs
  • Fixed issue with WireGuard VPN that allowed new tunnels after the peer IP address pool was exhausted
  • Fixed issue deleting custom reports which contained invalid settings
  • Fixed typo in Firewall app events Summary field
  • Fixed error when local interface configuration conflicted with the WireGuard VPN address pool
  • Fixed static routes not populating on PPPoE interfaces after re-authentication
  • Fixed OpenVPN tunnels were not disconnecting after disabling the tunnel

Security updates

  • Improved security handling for various types of SQL injection attacks
  • Improved security handling for tokens used by remote access feature
  • Improved security handling for local account passwords
  • Improved security handling of uploaded backup files to prevent man-in-the-middle attacks
  • Improved sanity checking and handling of various UI inputs to prevent execution of arbitrary code
  • Patched vulnerability in glibc library when using Chinese character encoding (CVE-2024-2961)
  • Patched vulnerability in Linux kernel module Netfilter (CVE-2023-32233)