14.2.0 Changelog

From Edge Threat Management Wiki - Arista


14.2 is a major new release containing new functionality and some big changes.

Web Filter

Improved Education Features

Many commonly requested features have been added to Web Filter. These are especially powerful for those filtering for children, such as educational institutions, and for those doing SSL inspection.

  • "Enforce safe search" now includes searches on YouTube.
  • Logging of online searches now includes searches on YouTube.
  • Added a new "Search Terms" tab to allow admins to block/flag searches containing certain words or phrases.
  • Added the ability to import very large lists of suspicious search terms in either JSON or CSV format.

New Web Filtering Categorization engine

We have switched Web Filter to use BrightCloud's web URL categorization and reputation engine. Over the years, Untangle has often changed the underlying commercial engine used in some of the paid apps (like Virus Blocker). Doing so is never easy, but it is critical for Untangle to stay current with the best technologies available.

BrightCloud offered the best categorization of the solutions we tested in our most recent test. This test covered both performance and accuracy, as well as other properties like the category taxonomy. BrightCloud also provides the background intelligence, so Untangle can now provide information about *why* certain sites were categorized as malicious when customers have questions.

On upgrade, your current category settings will be converted to the new category format.

Additionally, BrightCloud offers several other key reputation services which we hope to use in future versions. More on that in the future!

Other Quality-of-Life Improvements

The Web Filter categories page is now grouped by default and has a search function to help locate categories more easily. Additionally, the database schema has been improved for better reports performance.

Intrusion Prevention

Intrusion Prevention incorporated a lot of user feedback and requests on the new version implemented in 14.1.

Whitelist (Exempt)

Rules now have the ability to whitelist (exempt) certain traffic or subnets from Intrusion Prevention entirely.

Postrouting Option

Intrusion Prevention now has the ability to run "postrouting". This mode is very different from the standard "prerouting" mode, and which option you choose depends on your reasons for using Intrusion Prevention.

When run in "prerouting" mode (the default), IPS sees all traffic, even if it will subsequently be dropped by the firewall. This means IPS will see a lot of malicious activity, like the port scans and intrusion attempts on public IP addresses that happen on almost all networks, even though that traffic will ultimately just be dropped. The advantage of this approach is that Intrusion Prevention sees and logs everything, providing the most complete picture. The disadvantage is that it usually logs so much that the Intrusion Prevention logs quickly become ignored, because it is logging thousands of events per day and this is completely normal and expected.

When run in "postrouting" mode, IPS will only scan traffic that will actually pass through the firewall. On most networks where Untangle is running with a public IP, doing NAT, and port forwarding only select traffic or none at all, this will be extremely different from scanning "prerouting". The advantage of this mode is that IPS will only scan and log traffic that is actually entering your network. It therefore ignores a lot of the standard "noise" from incoming port scans and vulnerability scans that just get dropped at the firewall, and logs only traffic that should potentially concern the administrator. The disadvantage of this mode is that it provides a less complete picture of activity on the public interface, because it no longer logs attempts that just get dropped. Additionally, for long-time Untangle users, this was once the default; however, many administrators were very uncomfortable with this mode because it logs much less than they anticipated, or less than a solution that runs "prerouting".

Which mode is right for you depends on your reasons for using Intrusion Prevention. The "prerouting" mode is currently the default because it is the behavior most administrators anticipate.
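
The difference in log volume between the two modes can be seen with a small model. This is an added example, not Untangle code: it is a simplified Python model in which the `Packet` type, the single port forward on 443, the addresses and the signature names are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    inbound: bool              # True = arriving on the public (WAN) interface
    signature: Optional[str]   # constructed name of the IPS rule it matches, if any

# Constructed firewall policy: one port forward; all other inbound traffic is dropped.
PORT_FORWARDS = {443}

# Constructed traffic sample (public addresses from RFC 5737 documentation ranges).
TRAFFIC = [
    Packet("198.51.100.7", 22, True, "SSH brute force"),
    Packet("198.51.100.7", 23, True, "Telnet scan"),
    Packet("203.0.113.9", 3389, True, "RDP scan"),
    Packet("203.0.113.9", 443, True, "Web exploit attempt"),
    Packet("203.0.113.50", 443, True, None),
    Packet("192.168.1.10", 80, False, "Malware check-in"),
    Packet("192.168.1.11", 443, False, None),
]

def firewall_passes(p: Packet) -> bool:
    """Outbound LAN traffic is NATed out; inbound passes only via a port forward."""
    return (not p.inbound) or p.dst_port in PORT_FORWARDS

def ips_alerts(traffic, mode: str):
    """Return the packets IPS would log in the given mode."""
    if mode == "prerouting":      # scans before the firewall decision
        seen = traffic
    elif mode == "postrouting":   # scans only what the firewall lets through
        seen = [p for p in traffic if firewall_passes(p)]
    else:
        raise ValueError(f"unknown mode: {mode}")
    return [p for p in seen if p.signature]

def dropped_noise(traffic):
    """Alerts only prerouting mode records: matched a rule, then dropped anyway."""
    post = set(ips_alerts(traffic, "postrouting"))
    return [p for p in ips_alerts(traffic, "prerouting") if p not in post]

if __name__ == "__main__":
    for mode in ("prerouting", "postrouting"):
        hits = ips_alerts(TRAFFIC, mode)
        print(mode, len(hits), [p.signature for p in hits])
    print("only in prerouting:", [p.signature for p in dropped_noise(TRAFFIC)])
```

In this sample, both modes still log the exploit attempt against the forwarded port and the outbound check-in from a LAN host; only the scans that the firewall drops disappear in "postrouting" mode.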

Directory Connector

Directory Connector can now connect to directory services in Microsoft Azure.

The Active Directory Login Monitor can now monitor RADIUS authentication events on the Active Directory server.


Tons of other improvements and bugfixes

  • systemd boot hang issues fixed
  • many IPS fixes
  • many AD/directory-connector fixes
  • OpenVPN now builds the Windows client based on 2.4.7 (thanks WebFool!)
  • Configuration Backup can now be scheduled to a specific time
  • Ability to hide wireless SSID