14.2.0 Changelog

From Edge Threat Management Wiki - Arista
Revision as of 23:06, 6 November 2019 by Hpaunet (talk | contribs) (→‎New Web Filtering Categorization engine)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search


14.2 is a major new release containing new functionality and some big changes.

Web Filter

Improved Education Features

Many commonly-requested features have been added to Web Filter. These are especially powerful for those filtering for children like educational institutions and those doing SSL inspection.

  • "Enforce safe search" now includes searches on YouTube, forcing Restricted Mode.
  • Logging of online searches now includes searches on YouTube.
  • Added a new "Search Terms" tab to allow admins to block/flag searches containing certain words or phrases.
  • Added the ability to import very large list of suspicious search terms in either JSON or CSV format.

New Web Filtering Categorization engine

We have switched Web Filter to use Brightcloud's web URL categorization and reputation engine. Untangle often changes the underlying commercial engine used in some of the paid apps (like Virus Blocker) over the years. Doing so is never easy, but is critical for Untangle to stay current with the best technologies available.

On upgrade, your current category settings will be converted to the new category format.

Important notice As of October 30, 2019, NG Firewall must be updated to version 14.2 or later for web categorization to continue to function.

Other Quality-of-Life Improvements

Web Filter categories page is now grouped by default and has a search function to help locate categories more easily. Additionally the database schema has been improved for better reports performance.

Intrusion Prevention

Intrusion Prevention incorporated much user feedback and requests from the new version implemented in 14.1

Whitelist (Exempt)

Rules now have the ability to whitelist (exempt) certain traffic or subnets from Intrusion Prevention Signatures. Using the new Rule Whitelist action, you can specify variables on matching Signature Source and/or Destination networks.

Postrouting Option

Intrusion Prevention now has the ability to run "postrouting". This is mode is very different than the standard "prerouting" mode and which option you will choose to run depends on your reasons for using Intrusion Prevention.

When run in "prerouting" mode (the default), IPS sees all traffic even if it will subsequently be dropped by the firewall. This means IPS will see much malicious activity like port scan, intrusion attempts on the public IP addresses that happen on almost all networks, even though that traffic will ultimately just be dropped. The advantage of this approach is that Intrusion Prevention sees and logs everything providing the most complete picture. The disadvantage is that it usually logs so much that the Intrusion Prevention logs quickly become ignored because its logging thousands of events per day and this is completely normal and expected.

When run in "postrouting" mode, IPS will only scan traffic that will actually pass through the firewall. Most networks where Untangle is running with a Public IP and doing NAT and only port forwarding select or no traffic at all, this will be extremely different that scanning "prerouting". The advantage of this mode is that IPS will only scan/log on traffic that is actually entering your network and therefore ignores a lot of the standard "noise" from incoming port scans and vulnerability scans that just get dropped at the firewall and logs only on traffic that should potentially concern the administrator. The disadvantage of this mode is that it provides a less complete picture of activity on the public interface it now no longer logs attempts that just get dropped. Additionally, for long time Untangle users, this was once the default, however many administrators were very uncomfortable with this mode because it logs much less than they anticipated or compared to a solution that runs "prerouting". Finally, postrouting mode fully supports network bypass rules.

Which mode is right for you depends on your reasons for using Intrusion Prevention. The "prerouting" mode is currently the default because it is the most anticipated behavior of most administrators.

Rule Reporting

Rules are now logged in the IPS event log and there are now several new reports showing top reports.

Directory Connector

Directory Connector can now connect to directory services in Microsoft Azure.

The Active Directory Login Monitor now can monitor RADIUS authentication events on the Active Directory server.


Tons of other improvements and bugfixes

  • systemd boot hang issues fixed
  • Additional IPS fixes (logging rules with reports, easier HOME_NET modifications, etc).
  • Many AD/directory-connector fixes (improved User/Group windows, improved analysis of test results)
  • OpenVPN now build windows client based on 2.4.7 (thanks WebFool!)
  • Configuration Backup can now be scheduled to a specific time
  • Ability to hide wireless SSID