UserGate UTM 5 - What's new?

UserGate UTM 5.0.6 Release (build 5.0.6.3335R, 05.12.2018).

Important! This update will change settings of your LDAP connector and kerberos keytab if updated on version 5.0.5 or earlier. It is highly recommended to check these settings after update.

New in version:

  • Update includes all changes made in version 5.0.6RC-3.
  • Added ability to use MAC address in routing rules (PBR).
  • Added ability for a user to provide reason in request for white list.
  • Added ability to add bond interfaces to bridge.
  • Added ability to apply DoS protection for known or unknown users.
  • Added ability to clear users information cache via CLI command.
  • Added ability to narrow search in AD domain, when adding user or group to filtering rules.
  • Added ability to set URI for ICAP servers as icap://server:port/path
  • Added ability to use one TCP port for SSL VPN and reverse proxy service.
  • Added block page for SSL VPN users who are trying to access restricted bookmarks.
  • Added offline updates capability.
  • Added proxy configuration for fast mode and SYN mode.
  • Added support for log export formats - BSD syslog protocol (RFC - 3164), syslog protocol (RFC - 5424), CEF (ArcSight Common Event Format).
  • Added support for national domain names in DNS requests in Diagnostics and monitoring.
  • Added useragent for UserGate proxy client.
  • Changed Entensys to UserGate in all default certificates.
  • Changed default boot mode to UTM Core (serial console).
  • Improved error message if administrator is adding a user with e-mail address, which is already assigned to another user.
  • Improved remote assistance service.
  • Improved security update procedure.
  • Improved UserGate stability.
  • Removed All categories group from URLF groups.
  • Fixed error when HTTPS site is unavailable for user if authentication is required.
  • Fixed error with NTLM authentication after logout via logout.captive.
  • Fixed error with NTLM authentication and cookie method.
  • Fixed incorrect status of security update after installation.
  • Fixed kernel crash, which happens in some cases.
  • Fixed number of XSS vulnerabilities.
  • Fixed problem if username for ICAP server contains letters of national alphabets.
  • Fixed problem when shared key was lost when editing security profile.
  • Fixed problem when SSL VPN bookmark with direct domain cannot be opened if access was restricted for group of users.
  • Fixed problem when zone assigned to an interface via CLI command disappeared after reboot.
  • Fixed problem when zone is removed from the interface.
  • Fixed problem with accessing SSL VPN bookmarks with direct domain if SSL VPN portal uses specific port.
  • Fixed problem with blocking of DHCP requests over L2 bridge.
  • Fixed problem with expiration of static DNS records.
  • Fixed problem with failover over PPPOE connected gateway.
  • Fixed problem with NTLM authentication after user's authentication is expired.
  • Fixed problem with sending UDP packets of the same connection over different gateways in balancing mode.
  • Fixed problem with loosing routes in some cases.

UserGate UTM 5.0.6 Release candidate 3 (build 5.0.6.3290RC, 14.11.2018).

Important! This update will change settings of your LDAP connector and kerberos keytab. It is highly recommended to check these settings after update.

New in version:

  • Update includes all changes made in previous versions.
  • Added support RFC non-compliant proxy mode required for some bad designed applications.
  • Added ability to export all requests to white list.
  • Added ability to connect to resource VPN directly over SSL VPN.
  • Added ability to assign more than one IP address for high availability cluster.
  • Added ability to create routes with equal metric for balancing.
  • Added ability to enter username and password for FTP sites via FTP over HTTP.
  • Added ability to get user's group from custom field ERX-Service-Session for Radius accounting.
  • Added ability to provide specific updates only for selected clients.
  • Added ability to show history for week, month, year in dashboard.
  • Added additional consistency check for all updates before applying them.
  • Added bridge bypass mode for UserGate D, E, F network appliances.
  • Added DoS protection feature.
  • Added more details to SMTP notification for requests for white list.
  • Improved filtering of network packets with invalid TCP flags.
  • Improved some web-console dialogs.
  • Improved traceroute tool in diagnosing section.
  • Changed protocol for NTLM authentication from SMBv1 to SMBv2.
  • Fixed captive-portal template for Russian language.
  • Fixed error with incorrect event recorded to Event log for route deletion.
  • Fixed error with incorrect MAC address for high availability cluster in some cases.
  • Fixed firewall logging for clients with explicit proxy.
  • Fixed problem when SNAT doesn't work if UTM has more than one Internet connections.
  • Fixed problem when UTM shows speed 0 for some network interfaces.
  • Fixed problem with error when changing administrator's password.
  • Fixed problem with firewall rule with source address and explicit proxy.
  • Fixed problem with showing blocking page with long URL.
  • Fixed some reports which cannot be generated.

UserGate UTM 5.0.6 Release candidate 2 (build 5.0.6.3239RC, 10.14.2018).

Important! This update will change settings of your LDAP connector and kerberos keytab. It is highly recommended to check these settings after update.

New in version:

  • Update includes all changes made in version 5.0.6.3230RC.
  • Added VPN connection logging.
  • Added information about version of UserGate update installed to the event log.
  • Added ability to use IDS for mirrored traffic.
  • Improved IDS performance.
  • Improved license check for cluster.
  • Improved update revocation mechanism.
  • Fixed problem with assignment of more than 1 IP address to the HA cluster interface.
  • Fixed problem with Kerberos auth which is broken after auth TTL is expired.
  • Fixed HTTPS decryption problem if there are firewall rules allowing traffic only from specific IP and explicit proxy.
  • Fixed DNS filtering if UserGate is used as DNS server.
  • Fixed problem with filtering of FTP over HTTP.
  • Fixed problem with SSL certificates which can occur after upgrade.
  • Fixed incorrect display of list of users with Cyrillic letters in names.
  • Fixed problem with scenario which has virus detection as condition.
  • Fixed problem with applying HTTPS decryption for AD users.
  • Fixed error of bulk user import.

UserGate UTM 5.0.6 Release candidate (build 5.0.6.32303RC, 05.10.2018).

Important! This update will change settings of your LDAP connector and kerberos keytab. It is highly recommended to check these settings after update.

New in version:

  • Update includes all changes made in version 5.0.5.1.
  • Changed work with LDAP authentication servers. Optimized load, reduced excessive LDAP requests.
  • Added ability to filter web sites based on referrer value.
  • Added ability to use scenarios in content filtering rules.
  • Added Mirror type of interface.
  • Added net mapping rule to substitute network address in transit traffic.
  • Added new categories to UserGate URL filtering database:

    - Cryptocurrency Mining

    - Military

    - Reference and Research

    - Gay, Lesbian or Bisexual

    - Literature and Books

    - Nutrition and Diet

    - Pets and Animals.
  • Added ability to use virtual keyboard on Captive portal login page.
  • Added ability to add local users with Cyrillic logon names.
  • Added ability to choose LDAP domain on SSL VPN portal login page.
  • Added ability to copy MAC address from DHCP leases to DHCP reservations.
  • Added ability to use custom domain names in SMTP notification profile.
  • Added check for duplicates in import lists.
  • Added CLI command to show system logs.
  • Added column with IP addresses of auth servers in auth servers list.
  • Added compatibility for L2TP VPN on Windows XP.
  • Added status for LDAP connector.
  • Changed some web console elements.
  • Fixed problem with downloading of server statistics logs.
  • Fixed error in CLI command code-change-control.
  • Fixed incorrect log for user connect to VPN.
  • Fixed incorrect number of users' sessions in Network monitoring.
  • Fixed log message about exceeding limit of unsuccessful user authentication.
  • Fixed problem with creating a route with gateway 0.0.0.0.
  • Fixed problem with creating of network bridge.
  • Fixed problem with enabling/disabling several routes at once.
  • Fixed problem with identification user by IP+MAC.
  • Fixed problem with incorrect processing of Connection:close from web-servers when working with explicit proxy.
  • Fixed problem with no logs from IPS in log-only mode.
  • Fixed problem with NTLM auth with explicit proxy and non keep-alive connections.
  • Fixed problem with opening some sites with HTTP cache enabled.
  • Fixed problem with session reset during license check procedure.
  • Fixed problem with setting SMTP notification profile password in Cyrillic letters.
  • Fixed problem with uploading files to external resources if ICAP is enabled.
  • Fixed search by IP address in web access log and traffic log.
  • Fixed several Cannot connect to server errors.
  • Fixed sporadic kerberos user authentication loss.
  • Fixed problem with session reset during license check procedure.
  • Fixed sporadic memory leak.
  • Fixed sporadic UTM freeze.
  • Improved port mapping dialog.
  • Improved Reverse proxy rule configuration dialog.
  • Removed ability to use Cyrillic letters in VPN preshared key.

UserGate UTM 5.0.5.1 Release (build 5.0.5.2803R, 19.09.2018).

New in version:

  • Update includes all changes made in version 5.0.5.
  • Fixed problem with VPN connection from Android devices.
  • Fixed problem of switching cluster nodes when license is checking.
  • Fixed problem with interruption of youtube video when ICAP servers are enabled.
  • Fixed problem with reqmod mode for ICAP servers.
  • Fixed potential problem of blocking Captive portal traffic by firewall rule.
  • Fixed mistake in Captive portal processing rules excluding auth for specific URL lists.

UserGate UTM 5.0.5 Release (build 5.0.5.2792R, 29.08.2018)

New in version:

  • Added ability to export logs to csv-files
  • Added Log analyzer service to the list of zone's services
  • Added ability to make fully routable Site-to-Site VPN connections
  • Added ability to use several IP addresses at terminal server to support more users for authentication agent. Require to update Auth agent for termial servers
  • Added additional allowed characters to SNMP community string
  • Added extended logging for SSL VPN connections to RDP and SSH
  • Added paging and filtering for generated reports page
  • Added premium support option to license
  • Added support for non-anonymous ftp over http connections
  • Added support for PPPoE interface type
  • Added VPN events to event log
  • Fixed error with ftp over http and decrypting SSL
  • Fixed apt-get update problem via UTM
  • Fixed base64 encoding for ICAP server
  • Fixed content filtering rules to work correctly for user groups
  • Fixed error when firewall rule is not applied if user log out and then log in
  • Fixed error when web access log does not show blocked MIME types
  • Fixed error with failed login of Administrator user if 2 or more AD domains configured
  • Fixed excessive CAPTCHA request for multifactor authentication
  • Fixed incorrect display of firewall route action in traffic log
  • Fixed incorrect duration shown for SSL VPN connected users
  • Fixed incorrect IDPS rule processing for modified rules
  • Fixed incorrect URLF categories for sites containing question mark
  • Fixed problem when SNMP service cannot start if its TCP port is busy
  • Fixed problem when custom domains for ftpclient.captive is not working
  • Fixed problem with creating cluster with several virtual IP
  • Fixed problem with firewall rules applied for specific time ranges
  • Fixed problem with heuristic module start if it has broken bases
  • Fixed problem with high CPU load caused by teamviewer
  • Fixed problem with low ftp over http download speed and high CPU usage
  • Fixed problem with renewing SSL certificates for sites, which has certificate expired and then renewed
  • Fixed problem with restoring UTM from backup
  • Fixed problem with showing users GUID instead of usernames in VPN and SSL VPN monitoring
  • Fixed problem with SNMP does not provide all information to queries
  • Fixed problem with SNMP server cannot start
  • Improved Active directory and Free IPA connectors
  • Improved captive portal to remove leading/following spaces from user name
  • Improved error dialog for login attempt with incorrect username or password
  • Improved http performance
  • Improved log analyzer to support processors without SSE 4.2 instruction set
  • Minor improvements in offline activation

UserGate UTM 5.0.4 Release (build 5.0.4.2343R, 04.07.2018)

New in version:

  • Added support for VPN and SSL VPN
  • Developed numbers of web, traffic and system reports
  • Added support for SCADA protocols
  • Added support for SOAR (Security Orchestration, Automation and Response) in security policies
  • Added support for routing protocols OSPF and BGP
  • Added support for Active-Active high-availability clustering
  • Added support for multi-factor authentication based on TOTP, SMS, email
  • Added support for publishing HTTP/S resources via reverse-proxy
  • Added support for new authentication methods - NTLM, FreeIPA, TACACS+, SAML IDP
  • Added support for network interfaces of types LACP (link aggregation control protocol), bridge
  • Added support for FTP over HTTP
  • Developed new proxy agent for Windows for applications without native proxy support
  • Added support for custom program code injection to web pages
  • Added support for role-based UserGate management
  • Added ability to perform traffic balancing
  • Revised and improved IDPS
  • Added ability to filter traffic sent to ICAP servers, added support for ICAP servers farm
  • Improved general performance.

UserGate UTM 5.0.3 Release Candidate (build 5.0.3.1279RC, 03.04.2018)

Not for production environment.

New in version:

  • Added SSL VPN functionality (beta)
  • Added support for power supply status change to web-console and notification
  • Added support for Radius accounting for user identification
  • Added support for RAID status change to web-console and notification
  • New L7 processing engine
  • Fixed minor BGP bugs
  • Fixed minor bugs with ftp over http
  • Fixed minor VPN bugs
  • Fixed problem with endless backup operation
  • Fixed problem with policy for Domain Users group
  • Fixed problem with STARTTLS decryption for SMTP traffic
  • Fixed SNAT problem if different source and destination ports used
  • Fixed SSL decryption errors for some web-sites
  • Improved certificates behavior for *.captive
  • Improved DoS protection
  • Improved scenarios (SOAR)
  • Fixed numerous small mistakes

UserGate UTM 5.0.2 Beta (build 5.0.2.705B, 07.02.2018)

Beta version UserGate UTM 5.0.2 Not for production environment.

New in version:

  • Built on new UG OS platform
  • Improved Reverse proxy logic
  • Added new reports
  • Added ability to use preview option for ICAP servers
  • Added ability to code to base64 data for ICAP servers
  • Added support for HA cluster in active-active mode
  • Added new conditions to scenarios
  • Added support for web-sockets
  • Introduced proxy agent for Windows
  • Changed network adapter type for ovf image
  • Improved SMTP proxy
  • Improved VPN
  • Fixed rules processing for groups of users
  • Fixed numerous small mistakes

UserGate UTM 5.0.2 Beta (build 5.0.2.152B, 13.12.2017)

Beta version UserGate UTM 5.0.2 Not for production environment.

New in version:

  • Added ability to search for content in libriries lists
  • Added ability to authorize reverse proxy users by certificates
  • Added additional fields to reverse proxy rules
  • Improved some web console views
  • Improved HA cluster management
  • Improved performance of appliance components
  • Updated driver for 10-Gbit network card
  • Improved linux kernel
  • Improved DNS transport
  • Fixed some scenarios errors
  • Fixed L7 crash
  • Fixed problem with logging limit in firewall rules

UserGate UTM 5.0.1 Alpha (build 5.0.1289A, 16.11.2017)

Alpha version UserGate UTM 5.0. Not for production environment.

New in version:

  • Added ability to join several network ports into one logical port (link aggregation/bonding)
  • Added ability to create network bridge
  • Added L2TP VPN server. Standard clients from most popular OS are supported
  • Added ability to create high-availability cluster for up to 4 nodes without external balancer.
  • Added support for OSPF and BGP dynamic routing protocols
  • Added TPROXY mode for proxy server
  • Added support for ftp over http
  • Added support for reverse proxy. Secure resource publishing with HTTPS support and load balancing for publishing servers
  • Added support for port mapping
  • Added support for granular access control for administrative access to the UTM console
  • Added support for LDAP users and groups to be added as UTM administrators
  • Added support for 2 factors authentication (2FA)
  • Added NTLM as user authentication method
  • Added ability to authenticate users in transparent mode (no explicit proxy) with Kerberos protocol
  • Redesigned support for ICAP protocol. Added support for sending selected traffic only the ICAP servers
  • Added support for sending traffic to the ICAP servers farm (ICAP balancing)
  • Added ability to send mail traffic to ICAP servers
  • Added support for filtering SCADA protocols
  • Redesigned IDPS rules. Added ability to create custom IDPS profiles
  • Added new HTTPS decryption options, such as blocking of incorrect, revoked, self signed certificates
  • Added ability to negate any condition in rules
  • Added ability to block selected HTTP methods (POST, GET,...) in content filtering rules
  • Added ability to filter traffic based on UserAgent
  • Added ability to use outgoing zone in content filtering rules
  • Added ability to make exclusions to ad block filtering
  • Added ability to inject custom code to web pages
  • Added additional monitoring capabilities
  • Added more diagnosis tools, such as tcpdump, ping, traceroute, tracing content filtering rules
  • Added new time range types
  • Redesigned WEB UI
  • Redesigned statistics and reports module. More information added to the web access log
  • Improved application detection performance