17.2 Changelog
From Edge Threat Management Wiki - Arista
17.2
NG Firewall version 17.2 includes a variety of small enhancements, user interface sanity checks, bug fixes, security updates, and general housekeeping.
Note: This release requires a reboot.
Feature enhancements, additions, and user interface updates
- Added MAC vendor field to the Interfaces screen
- Added daily maintenance of the email queue to prevent excessive buildup up of messages
- Added support for wildcards in the email quarantine address field
- Added checks to prevent upgrades if disk space is insufficient
- Added ability to configure multiple remote syslog servers
- Added human readable formatting of data transfer rates in related grids and reports
- Added searching by tags in Hosts, Devices, and Sessions screens
- Added ability to query more than 1000 users in Microsoft Active Directory and Entra ID
- Added WireGuard VPN interfaces to OSPF interface override feature
- Added mapping of WireGuard VPN tunnel description to username field in users screen to associate WireGuard VPN tunnels to named users
- Added warning message to WireGuard VPN screen after making general settings changes and there are existing tunnels which require updates
- Added sanity checks to prevent conflicting ID or IP configuration of VLAN interfaces
- Added sanity checks to prevent conflicting IP peers and subnets of WireGuard VPN tunnels
- Added sanity checks to prevent invalid characters in interface names Improved DNS query handling so that requests are always forwarded using the corresponding WAN interface
- Improved handling of licensed features during temporary outages to the license service
- Improved UI field input validations across all related screens
- Improved validation of imported data across all related grids
- Improved wording in OpenVPN client download screen
- Improved copy function in WireGuard tunnels to omit unique data
- Improved user navigation in offline setup wizard
- Improved Web Filter rules to no longer require flagging
General updates and other maintenance
- Updated Geo-IP database
- Updated IPS signature database
- Updated multiple libraries used by the logging facilities and web services
- Updated EULA in all affected screens
- Updated the feedback link in the navigation menu
- Replaced Quagga with FRR for Dynamic Routing features
- Replaced keep-alive modules with FRR for VRRP when using dynamic routing
- Removed option to upload custom scripts from Captive Portal
- Removed option to import current users
- Removed option to import current devices
- Removed Facebook from Captive Portal authentication options
- Removed invalid URL reference in IPS screen
- Removed community languages
- Removed the option to configure Cloud Hosted Relay in the Email screen
- Removed ping probes from IPsec and WireGuard VPN tunnels with roaming remote endpoints
- Removed Auth Type column in specific Captive Portal reports in cases where this datapoint is not valid
- Removed skins. On upgrade, custom skins will be reverted to default skin.
- Increased the high memory threshold in IPS from 2 GB to 4 GB
Bug fixes
- Fixed booting and installation issue with EEE and Realtek adapters
- Fixed “synchronize time” button that caused indefinite loading screen
- Fixed UI issue with DHCP server settings not rendering when DHCP is disabled on the corresponding interface
- Fixed UI error when setting conflicting remote address in OpenVPN clients tab
- Fixed UI layout issues in Syslog screen
- Fixed UI error when performing a lookup of the vendor by MAC address on the Networks screen
- Fixed TunnelVPN screen where the Done button was not enabled in some situations
- Fixed issue with recent Web Filter categories not populating in reports
- Fixed filtering by “Last Seen Time” field in grids
- Fixed upgrade failures on systems with a floppy drive
- Fixed kernel panic under specific bypass configuration for IPS
- Fixed issue with Q4 appliance not showing the serial number in About screen
- Fixed UI scrolling issues on screens with large data sets
- Fixed issue with backup recovery not restoring the custom icon from Branding Manager app
- Fixed upgrade failure caused by L2TP address field malformatting.
- Fixed network settings update could not be performed after duplicate values entered to DHCP Server screen
- Fixed loading of offline setup wizard when a default admin password exists
- Fixed UI issue where duplicate routes in the Routes screen were not removed which prevented the ability to save
- Fixed Bandwidth Control app was not starting QoS if QoS was previous disabled
- Fixed “is not” operator was not working for protocol based conditions and IP ranges
- Fixed “glob” matcher was not working for MAC addresses
- Fixed rules not working with conditions using a range in descending order (e.g. 192.168.1.200 - 192.168.1.100)
- Fixed error loading Apps screen after installation
- Fixed invalid formatting of date fields after setting the Web UI to Japanese language
- Fixed safe search enforcement on Yahoo search engine
- Fixed safe search when using Youtube retry option
- Fixed error when assigning online access to Reports users
- Fixed system logs which did not include some logs due to prior directory structure changes
- Fixed issue with uploaded SSL certificates not working due to trailing spaces or extra line feeds in the certificate file
- Fixed issue with WireGuard VPN tunnel copy button not functional when many networks exist in the configuration
- Fixed issue with OpenVPN client profiles not including secondary WANs when added after the app was installed
- Fixed Web Filter was not blocking web searches which included the “$” character
- Fixed group membership was not working when failing over to a secondary Microsoft Active Directory server
- Fixed Virus Blocker reports not pulling the correct data for FTP based sessions
- Fixed IPS not starting with specific network settings having null values
- Fixed Threat Prevention causing network performance issues with network devices using Anydesk software
- Fixed error when trying to delete a Policy which has installed apps
- Fixed error trying to download reports which use charts or graphs
- Fixed issue with WireGuard VPN that allowed new tunnels after the peer IP address pool was exhausted
- Fixed issue deleting custom reports which contained invalid settings
- Fixed typo in Firewall app events Summary field
- Fixed error when local interface configuration conflicted with the WireGuard VPN address pool
- Fixed static routes not populating on PPPoE interfaces after re-authentication
- Fixed OpenVPN tunnels were not disconnecting after disabling the tunnel
Security updates
- Improved security handling for various types of SQL injection attacks
- Improved security handling for tokens used by remote access feature
- Improved security handling for local account passwords
- Improved security handling of uploaded backup files to prevent man in the middle attacks
- Improved sanity checking and handling of various UI inputs to prevent execution of arbitrary code
- Patched vulnerability in Glibc library when using Chinese character encoding CVE-2024-2961
- Patched vulnerability in Linux kernel module Netfilter CVE-2023-32233