UserGate UserGate 6.1.9 (hotfix build 6.1.9.12008R, 25/05/2023).
Сhanges in new version:
- [UGDNS-16646] Improved stability of VPN connections when using the IPsec protocol.
- [UGDNS-18487] Improved system stability with a large number of VPN connections.
- [UGDNS-18498] Improved VPN connection stability with Apple devices.
- [UGDNS-16238] Fixed incorrect operation of firewall rules containing lists of URLs.
- [UGDNS-18031] Fixed problem with TLS_GOST2012256_WITH_28147_CNT_IMIT encryption protocol processing.
- [UGDNS-18062] Fixed a problem saving of the default gateway on the PPPoE interface when the device is rebooted.
- [UGDNS-18334] Fixed OSPF metrics update when OSPF enabled on Active-Passive HA cluster slave node.
- [UGDNS-18385] Fixed a bug in the "cluster" configuration, in which the "master" role is not automatically switched when the gateway is unavailable.
- [UGDNS-18479] Fixed operation of the L7 module if the Security Updates license has expired. The L7 module no longer requires a license to work.
- [UGDNS-18480] Fixed handling of DHCP reservation names with underscores.
- [UGDNS-18501] Fixed a bug with "blinking" interfaces when working with bond.
- [UGDNS-18555] Fixed problem with incorrect display of the number of users in the Dashboard.
- [UGDNS-18567] Fixed incorrect TOTP session reset when using FreeIPA authentication server.
- [UGDNS-18596] Fixed export of settings configuration.
- [UGDNS-18611] Fixed Incorrect work of SMPP profiles.
- [UGDNS-18612] Fixed VPN user rights caching issue.
- [UGDNS-18646] Fixed a bug where the "useragent" field was not displayed in the content filtering logs.
- [UGDNS-18652] Fixed Incorrect operation of the Url list import mechanism.
- [UGDNS-18663] Fixed incorrect working of ICAP in load balancing mode.
- [UGDNS-18892] Fixed incorrect display of the VPN client address on the diagnostics page.
- [UGDNS-19118] Fixed incorrect work of content filtering rules with the "morphology" parameter.
UserGate UserGate 6.1.9 (build 6.1.9.11836R, 16/01/2023).
Сhanges in new version:
- Added Mincifra root certificate to the list of trusted certificates.
- Added ability to analyze VLAN tagged traffic on mirrored port.
- Added number of DNS servers check not to exceed 2 for VPN clients.
- Added ability to use telephone numbers up to 15 digits long.
- Added ability to create port forwarding rules without ports specified.
- Updated the interfaces list from SNMP ifTable and ifXTable.
- Increased timeout of second authentication factor confirmation.
- Increased the number of multicast groups which UserGate can subscribed to to 200.
- Improved watchdog procedure.
- Improved VPN stability.
- Improved UserGate NGFW stability.
- Improved traffic capture operation, added file size limit to 2Gb.
- Improved stability when WCCP is in use.
- Improved stability when deployed on QEMU hypervisor.
- Improved stability of authentication agent for terminal services.
- Improved sorting of library lists in rules selectors.
- Improved processing of user, if he exists in 2 or more domains with the same name.
- Improved processing of DNS requests by IDPS.
- Improved process of getting users information when a large amount of user sessions is established.
- Improved procedure of applying configuration changes from UGMC to NGFW devices.
- Improved order of displaying network ports in dashboard widget.
- Improved NGFW overall stability.
- Improved MC and NGFW sync process stability.
- Improved LDAP connector performance.
- Improved HA cluster stability.
- Improved establishing of VPN connection with different hash algorithms on phase 1 and 2.
- Improved display of IP addresses assigned via DHCP.
- Improved detection of user's groups by auth agent when membership changed.
- Improved configuration generating process in case of a large number of rules and library elements.
- Improved cluster configuration with 3 or more nodes stability while rebooting some of nodes.
- Improved General settings sync to NGFW devices.
- Improved cluster split-brain recovery after connectivity outages.
- Fixed the traffic capture filters error.
- Fixed the local lists sync error in MC and NGFW cluster slave node synchronization process.
- Fixed the bug of detecting the second network card bypass bridge interfaces.
- Fixed sync error of captive profiles between MC and NGFW when profile parameters updated.
- Fixed statistics database request execution error related to Active Directory conflict records.
- Fixed SNMP Engine ID sync error when NGFW configurated via MC.
- Fixed search query error in web access log when India used as traffic source/destination country.
- Fixed safe browsing rules logging when SSL inspection enabled.
- Fixed problem, when node status check in HA cluster could be unsuccessful in some cases.
- Fixed problem with web portal which may work incorrectly in Active-Active cluster.
- Fixed problem with web portal auth when TOTP MFA by SMS delivery used.
- Fixed problem with VPN users authentication if they use netbios domain name.
- Fixed problem with VPN reconnect to NGFW server when VIP repeatedly modified in Active-Passive cluster acting as a VPN client.
- Fixed problem with updating of firewall rules in HA cluster if cluster virtual IPs have changed.
- Fixed problem with triggering Captive portal rule if it has full URL in rule condition.
- Fixed problem with TOTP reset for users with Cyrillic letters in names.
- Fixed problem with storing data about users specified in MC rules after rules deleted.
- Fixed problem with starting traffic capture on the cluster node, other than node where rule was created.
- Fixed problem with SSL inspection for software anyconnect via explicit proxy.
- Fixed problem with slow opening sites over transparent proxy mode which has TCP option window-scale set to 0.
- Fixed problem with searching for url categories from content filtering rule edit dialogue.
- Fixed problem with SAML authentication.
- Fixed problem with processing some specific requests over reverse proxy.
- Fixed problem with processing of PBR rules if user added or deleted in rule's condition.
- Fixed problem with processing of content filtering, safe browsing, SSL and SSH inspection, mail security, and ICAP rules if user added or deleted in rule's condition.
- Fixed problem with outgoing messages queue filling up memory when exporting logs to Syslog server via TCP protocol.
- Fixed problem with no user identifications on cluster node after node rebooted.
- Fixed problem with no updating routes with automatic destination interface when interface settings changed.
- Fixed problem with no logs for triggered spoofing protection rules.
- Fixed problem with no logging in case of no SSL inspection configured, but content filtering rule with content analysis exists.
- Fixed problem with no information about number of packets of triggered DoS rule for zone in traffic log.
- Fixed problem with no ability to assign backup gateway for group of balanced gateways.
- Fixed problem with multiline responses for SMTP commands.
- Fixed problem with memory leak in proxy module, which may happen in some specific cases.
- Fixed problem with Mail security which cannot work on arbitrary SMTP port.
- Fixed problem with logging of DoS protection rules triggers.
- Fixed problem with license registration on new cluster node right after finishing registration of main node.
- Fixed problem with incorrect search result if backslash is used in search string.
- Fixed problem with incorrect processing of traffic from proxy agent by content filtering rules.
- Fixed problem with incorrect OSPF routes cost in active-passive cluster with more than 2 nodes.
- Fixed problem with incorrect logging of IDPS rules.
- Fixed problem with incorrect folder list over sftp and ssh inspection configured.
- Fixed problem with ignoring of VRF when processing traffic with destination ports 80 and 443.
- Fixed problem with getting error when monitoring web portal users authorized with cookie.
- Fixed problem with gateway lost after reboot, happening in some specific cases.
- Fixed problem with failover gateway unavailable, which happens in some cases.
- Fixed problem with expiration of key for temp users validation.
- Fixed problem with excessive memory use while using overridden domains.
- Fixed problem with DNS when internal cache is not used for records with large number of addresses.
- Fixed problem with displaying of terminal services users in traffic log.
- Fixed problem with DHCP relay on VLAN interfaces stopped working after UG OS version upgrade.
- Fixed problem with creating configuration cluster using bond interface.
- Fixed problem with corrupted configuration file while it was exported to ftp location.
- Fixed problem with connecting to 3rd party vendor's VPN over NAT.
- Fixed problem with configuring PBR rule, if it uses different node's gateway.
- Fixed problem with closing of AP Continent VPN, if no traffic transmitted from client during timeout.
- Fixed problem with client connection to Site-to-Site VPN when user changed for this connection.
- Fixed problem with caching of DNS responses for requests for SOA and CNAME record types.
- Fixed problem with block page which shows "garbage" information for sites with more than 64 HTTP headers.
- Fixed problem with applying of zone services committed from UGMC.
- Fixed problem with applying of services from UGMC to NGFW which contains Cyrillic symbols in names.
- Fixed problem with applying gateways with same IPs if they were created by UGMC.
- Fixed problem with all parameters link-info lost after reboot except last added.
- Fixed problem with AdBlock database update on cluster configuration nodes.
- Fixed problem when DHCP lease can't be removed if its subnet removed or changed.
- Fixed problem of using of virtual IP of high availability cluster for load balancing.
- Fixed problem of high load on NGFW during traffic processing by mirror type interface.
- Fixed problem causing the web interface inaccessibility.
- Fixed OSPF costs update error when HA cluster master changed multiple times.
- Fixed order of physical interfaces in ifTable.
- Fixed memory leak in some VPN configurations.
- Fixed incorrect value transmitted for sysUpTime in SNMP.
- Fixed incorrect processing of mails, which have dot and carriage return in their body.
- Fixed IDPS module incorrect update error.
- Fixed error with URL lists sync between NGFW cluster nodes when firewall rules created in MC.
- Fixed error with applying PBR rules to users specified in the rules after they are re-authorized.
- Fixed error of synchronization between MC and NGFW configuration cluster in case one of the nodes is unavailable.
- Fixed error occurred when incorrect temporary guest account expiration date in captive profile properties specified.
- Fixed compatibility with 3rd party VPN solutions if NAT-traversal is used.
- Fixed bug with path rewriting when HTTPS used for resources publication via reverse proxy rules.
- Fixed bug with fastpath module self-enabling after it was disabled.
- Fixed bug of memory full utilization caused by working with ICAP server.
- Fixed an error in identifying groups of users been in several domains.
- Fixed access check error on web portal.
- Fixed a problem with optimizing the storage of user account information.
- Fixed problem with establishing of TLS session with some high load web sites in transparent proxy mode.
- Fixed problem with transferring data by Telegram messenger for some Telegram's services.
UserGate 6.1.8 Release (build 6.1.8.11532R, 22/08/2022)
Сhanges in new version:
- Added ability to change data fastpath mode for firewall via CLI.
- Auth agent for terminal server has been updated.
- Improved CPU load by LogAn when processing LDAP users' names.
- Improved displaying of Dashboard's widgets with large number if network interfaces.
- Improved firewall performance if no content filtering and SSL inspection rules applied.
- Improved firewall stability in Hyper-V.
- Improved general firewall stability.
- Improved memory management for L7 and IDPS modules.
- Improved view of large number of NICs in Dashboard.
- Fixed problem with certificate chain added to Captive portal certificate was not provided at Captive portal page.
- Fixed firewall behavior if no correct DNS server configured.
- Fixed intermittent memory leak in proxy module.
- Fixed MIME type for pcap files, which are downloaded from NGFW.
- Fixed problem with blocking of outgoing syslog traffic by IDPS.
- Fixed problem with changing network interface type and address in CLI.
- Fixed problem with changing source zone in existing port forwarding rule.
- Fixed problem with changing zone's access control for web portal was NAT applied.
- Fixed problem with connecting users to VPN, if VPN server rule contains local groups with local or domain users.
- Fixed problem with inability to create 2 load balancers with the same port, but different transport protocols.
- Fixed problem with incorrect ICAP server status check, which may happen in some cases.
- Fixed problem with logging of domain user authentication information if user logged in s domain\user.
- Fixed problem with logging user which was identified by radius accounting.
- Fixed problem with no information of successful user auth in log export.
- Fixed problem with no logged event for reverse proxy rules.
- fixed problem with no logging of web safety rules.
- Fixed problem with no pcap files for triggered IDPS events, if several events happened.
- Fixed problem with PBR processing in cluster configuration.
- Fixed problem with processing Captive portal auth timers.
- Fixed problem with proxy port assigned from UGMC is not applied at NGFW.
- Fixed problem with restoring VPN settings from exported configuration.
- Fixed problem with simultaneous authentication user from terminal server and Captive portal.
- Fixed problem with VPN connection if authenticating over Radius server.
- Fixed problem with web portal which may work incorrectly in Active-Active cluster.
- Fixed various auth errors in Terminal services auth agent.
UserGate 6.1.7 Release (build 6.1.7.11418R, 08/06/2022)
Сhanges in new version:
- Added ability to record traffic for triggered IDPS events.
- Added ability to create VPN tunnels with third party vendors using GRE over IPSec and IPsec over GRE.
- Added ability to chose main/aggressive mode for IKE SA negotiation for VPN IKEv1.
- Added ability to select different hash and encryption algorithms for 1 и 2 phases of IKEv1 VPN.
- Added ability to select Diffie–Hellman groups for VPN IKEv1.
- Added ability to use GeoIP addresses as source addresses for VPN server rules.
- Added ability to search local user by MAC address assigned to him.
- Added ability to sort IP list by name in rules.
- Added increased cost (double) for OSPF distributable default route for standby node in AP cluster.
- Added Restful API for UserGate management.
- Increased the number of network interfaces to 10 for OVF image.
- Improve GeoIP quality.
- Improved CLI over SSH security.
- Improved Dashboard graph of current NGFW users.
- Improved displaying of long URLs in reports.
- Improved IDPS performance in iperf performance testing.
- Improved L7 information (application and application protocol) presentation in traffic log.
- Improved large number of lists in libraries.
- Improved log rotation procedure.
- Improved NGFW stability when old and low performance NICs are configured in hypervisor for virtual appliance.
- Improved overall stability of NGFW.
- Improved procedure of removing elements from rules, if search was used for finding these elements.
- Improved process of downloading large sized logs.
- Improved processing of fragmented OPC UA commands.
- Improved processing of packets requiring fragmentation.
- Improved security of UserGate software updates.
- Improved server time display when switching between configuration pages.
- Improved synchronization effectiveness of large objects between cluster configuration nodes.
- Improved Terminal server authentication agent. Required to update terminal agent software.
- Improved updates check and download procedure.
- Improved users from terminal servers identification information between nodes of UserGate cluster.
- Improved validation for OSPF interface priority.
- Improved watchdog procedure.
- Fixed a problem with the absence of static routes when connecting directly connected to the network in which the gateway for this route is located.
- Fixed incorrect status displayed in traffic log for DoS protection rules triggered.
- Fixed intermittent problem with VPN service hangs when switching VPN rule on/of.
- Fixed memory leak when bond interfaces are in use.
- Fixed minor problems of viewing web portal bookmarks.
- Fixed NGFW crash when L3 bridge with bypass is configured.
- Fixed problem when exported logs shows default node name but not name set by administrator.
- Fixed problem when firewall rule is still active even it was disabled by administrator.
- Fixed problem with incorrect processing of SSL inspection rules, if they applied to AD users.
- Fixed problem with changing AP cluster state when editing cluster configuration on slave node.
- Fixed problem with content filtering rules which do not consider destination zone condition in some cases.
- Fixed problem with content filtering when filtering SNI value with URL lists.
- Fixed problem with defining of bypass ports on second network cards.
- Fixed problem with deleting URL list from UGMC in some cases.
- Fixed problem with gateways lost in cluster after importing configuration.
- Fixed problem with getting url category for domains listed in Overridden url categories.
- Fixed problem with HA cluster's traffic blocked by spoofing protection rules, happening in specific cases.
- Fixed problem with importing VLANs and bonds from saved configuration.
- Fixed problem with inability to add route to the network which is directly connected to the UserGate.
- Fixed problem with inability to establish some TCP sessions with remote host with fast port reuse configured.
- Fixed problem with inability to reconnect to SSH server published via web portal, if user closed web page with established connection.
- Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
- Fixed problem with incorrect time formats for some schedule.
- Fixed problem with incorrect time used for report generation if local time zone is used.
- Fixed problem with incorrect user's group membership, if user and groups are in different AD domains with trust relationship.
- Fixed problem with incorrect zone is logged to traffic log for DoS protection rules.
- Fixed problem with logging of responded UDP packets when Log session start is selected.
- Fixed problem with management of lists in rules, if number of lists exceeds 20.
- Fixed problem with missing UTM-ENTERPRISE-MIB in downloaded MIB-file.
- Fixed problem with no entry in web access log for HTTPS request without SNI.
- Fixed problem with no information about network port state in SNMP.
- Fixed problem with no IP and URL lists in exported configuration.
- Fixed problem with no routes and information from BGP neighbor.
- Fixed problem with packets loss between different types of NICs.
- Fixed problem with recreating of bond and bridge interfaces when applying any network interface changes from UGMC.
- Fixed problem with search by IP address in arrived from UGMC rules.
- Fixed problem with shaper rules, which could be applied in a wrong order.
- Fixed problem with SSL inspection in transparent proxy mode if URL and categories condition are used.
- Fixed problem with terminal server auth agent when number of IP addresses changed. Required to update terminal server auth agent.
- Fixed problem with traffic capturing.
- Fixed processing of Captcha in web portal.
- Fixed UserGate crash which may happen when firewall rule with L7 or IDPS rule block traffic with sending RST to both parties.
UserGate 6.1.6 Release (build 6.1.6.11213R, 23/03/2022)
Сhanges in new version:
- Added ability of SSH inspection logging.
- Added ability to create SSH inspection reports.
- Added ability to identify user belonging to more than one domain when authenticating via terminal server agent.
- Added ability to set more than 1 IP address for Radius server.
- Added reverse proxy path rewrite functionality for the Domain parameter in the set-cookie HTTP header.
- Added sorting for HA cluster objects.
- Added state indicator for ICAP server.
- Improve sorting of local users list.
- Improved check procedure for complexity of Admin's password compliance.
- Improved errors meaning for registration process.
- Improved IDPS performance for STUN traffic.
- Improved license check procedure.
- Improved order of events of remote access VPN connections.
- Improved processing of large number of unsuccessful LDAP requests.
- Improved processing of SSH inspection rules.
- Improved stability with lists importing operations, which contain invalid data.
- Improved Terminal server authentication agent. Required to update terminal agent software.
- Improved UserGate NGFW stability.
- Removed "Log all packets" option for Policy based rules.
- Removed ability to negate condition for L7 application in firewall rules.
- Removed ability to use domain built-in groups in filtering policies.
- Servers for remote assistance have moved to Russian Federation.
- Fixed error which happens during searching for a user which TOTP key should be reset.
- Fixed incorrect GeoIP addresses for EU zone.
- Fixed incorrect RBAC assigned from UGMC to UserGate devices.
- Fixed logging of fetch_cert is failed event for SSL inspection.
- Fixed notation for ICAP servers URI.
- Fixed problem with allow rule in content filtering with destination Zone/IP set.
- Fixed problem with determining of destination zone for Captive portal rules.
- Fixed problem with filtering by URLs for list containing Cyrillic domains.
- Fixed problem with filtering by useragent when useragent does not contain any value (empty).
- Fixed problem with gateway via specific interface remains active after this interface is added to a bond interface.
- Fixed problem with GRE tunnel disappeared from assigned VRF after reboot.
- Fixed problem with inability to install offline security update.
- Fixed problem with incorrect interfaces status, which were part of the bond interface, after bond deleted.
- Fixed problem with incorrect NAT processing for more than one client if traffic has fixed source ports.
- Fixed problem with incorrect number of IP address which consume licensed number of users.
- Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
- Fixed problem with incorrect showing network interface belonging to custom VRF in default VRF.
- Fixed problem with logging of default rule 'Default allow' with disabled logging.
- Fixed problem with lost of static users identification when membership in local group changed for some users.
- Fixed problem with memory leak which may happen sometimes during processing TLS traffic.
- Fixed problem with validation of reserved hosts in DHCP.
- Fixed processing of Captcha in web portal.
UserGate 6.1.5 Release (build 6.1.5.11134R, 11/02/2022)
Сhanges in new version:
- Added ability to enable X-Forwarded-For header.
- Added ability to get the IP addresses list of hosts consuming license.
- Added ability to search by signature name in IDPS rules.
- Added ability to set custom SNMP engine ID.
- Added ability to use 'Not in' operator in search rules.
- Added context help for advanced search in web console.
- Added information about blocking reason of https service for Reverse proxy.
- Added more parameters checks while creating VRF.
- Added QoS pre-classify option for VPN tunnels.
- Added reverse proxy path rewrite functionality for the Domain parameter in the set-cookie HTTP header.
- Added support for diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, ssh-rsa protocols to cli over ssh.
- Added support for diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, ssh-rsa protocols to SSH inspection.
- Added support for RAID controller LSI 9361-16i.
- Additional checks added for DHCP options.
- Admin console tab renamed to Settings tab.
- Improved administrator's login page view for different browser window size.
- Improved CA certificate name which is used by UserGate node for SSL inspection.
- Improved check and download procedure of updatable lists. Added additional logging for this events.
- Improved firewall performance for type of network card virtio in KVM-libvirt.
- Improved IDPS performance for traffic of specific protocols and applications.
- Improved IDPS performance on high speed traffic.
- Improved management of local users created from UGMC.
- Improved performance of content filtering processing with virus or morphology check in some cases.
- Improved performance of stream virus check.
- Improved SSL inspection in transparent mode for web sites with legacy TLS protocol versions.
- Improved SSL rules processing when client does not send SNI.
- Improved updating, deleting and creation of local users with static IP addresses on UserGate, created from UGMC.
- Improved UserGate stability when inspecting GRE tunnels.
- Improved UserGate stability.
- Increased performance of IDPS.
- Removed excessive logging which may cause performance degradation.
- Fixed an issue when DNATed HTTP(s) traffic could be blocked by default Block everything policy.
- Fixed crash which may happen in some cases when add/delete content filtering rule.
- Fixed excessive TCP fragmentation to client connection with transparent proxy and content filtering or SSL inspection enabled.
- Fixed issue that could result in gateway absence after settings import.
- Fixed load balancer with more than one balancing rules configured.
- Fixed problem when DHCP relay may not work correctly if DHCP pool has some specific settings.
- Fixed problem when protocol TCP was always saved in port forwarding rules , no matter which protocol was originally set.
- Fixed problem with 3 seconds delay in opening some websites in transparent proxy mode.
- Fixed problem with access to a several web-sites, for example, http://web.tpu.ru.
- Fixed problem with adding of Active directory group Builtin Users to the rules.
- Fixed problem with applying shaping policies for group of users from LDAP.
- Fixed problem with applying to UserGate updated in UGMC URL list.
- Fixed problem with assigning incorrect administrator profile, if administrator has different profiles assigned to him and to his groups.
- Fixed problem with blocking of transit multicast traffic.
- Fixed problem with bypass bridge on cluster created from different types of appliances.
- Fixed problem with certificate is not updated when changes made in service domains auth, logout, block.
- Fixed problem with changing of auth method after auth profile was created in UGMC.
- Fixed problem with connecting from Secure CRT to CLI SSH.
- Fixed problem with content filtering for HTTPS sites which have SNI different from certificate's subject name.
- Fixed problem with content filtering rules processing for rules with time restrictions.
- Fixed problem with creating full backup and error Cannot mount /dev/dm-3.
- Fixed problem with creating of copy of report rule.
- Fixed problem with delay in opening web sites from terminal servers with installed terminal server auth agent. Update of auth agent for terminal servers is recommended.
- Fixed problem with disappearing of directly connected routes on HA cluster node which changed from Master to Slave.
- Fixed problem with DNS SRTT may get negative value.
- Fixed problem with filtering by URL lists containing regexp elements ^, $, *.
- Fixed problem with inability to add url started with // to URL list.
- Fixed problem with inability to block traffic of Anydesk app by content filtering.
- Fixed problem with inability to create VRF with name, which is already in use on another cluster node.
- Fixed problem with inability to set password for terminal services agents via UGMC.
- Fixed problem with incorrect AD group membership for a user, who logged in from different devices when membership was changed in AD.
- Fixed problem with incorrect consuming of licenses when ip spoofing protection is enabled.
- Fixed problem with incorrect MAC address assignment on bond interface after system reboot.
- Fixed problem with incorrect processing of content filtering rules in explicit proxy mode with defined destination zone and disabled SSL inspection.
- Fixed problem with incorrect processing of policy for a particular user, if he logged out from one of computer and continue to work on another computers.
- Fixed problem with incorrect processing of requests for reverse proxy, if web portal listens on the same port.
- Fixed problem with incorrect processing of users groups happened in some cases in cluster.
- Fixed problem with incorrect search result when searching for IP addresses in some cases.
- Fixed problem with incorrect sequence of prefix lists and routemaps in BGP.
- Fixed problem with incorrect terminating of terminal servers users.
- Fixed problem with incorrect tracing rule processing in some cases.
- Fixed problem with incorrect URLF category in notification for adding request for white list for a web site.
- Fixed problem with incorrect work of scenarios with application L7 as condition.
- Fixed problem with local user identification, if it was created in UGMC with static IP address.
- Fixed problem with local users identification, if they identified by static IP, when they are added to a group.
- Fixed problem with logging in to CLI SSH with password containing special symbols.
- Fixed problem with logging of default rule 'Default allow' with disabled logging.
- Fixed problem with memory leak when using HTTP PUT method with web console.
- Fixed problem with memory leak which happens when opening block pages with HTTP POST method.
- Fixed problem with no blocking reason in web access log.
- Fixed problem with no record in web access log for blocked by AdBlock connections, when no SSL inspection enabled.
- Fixed problem with placing NAT rule to a specific position in the rules list when creating a rule.
- Fixed problem with processing of content filtering rules with time restriction.
- Fixed problem with restoring UserGate settings from backup if it was connected to UGMC.
- Fixed problem with RIP v2 does not work if password set for authentication.
- Fixed problem with SCADA rules, which require to have firewall rules allowing traffic from UserGate.
- Fixed problem with several gateways can be assigned as default gateways.
- Fixed problem with some packets lost when traversing over route leaking over other's VRF.
- Fixed problem with spam mail filtering happening in some cases.
- Fixed problem with sporadic connectivity issues for some websites (Sberbank business).
- Fixed problem with SSL inspection if site's certificate contains Cyrillic letters.
- Fixed problem with traffic filtration if no L7 database exists.
- Fixed problem with update checking for custom updatable lists if connectivity lost between NGFW and UGMC.
- Fixed problem with updating of custom lists on UserGate, when rules with these lists are updated on UGMC.
- Fixed problem with user authentication by TACACS+ servers.
- Fixed problem with UserGate crash happened in some cases.
- Fixed problem with VoIP telephony which doesn't work over UserGate.
- Fixed UserGate server crash when deleting bridge interface which is in use by SSL inspection.
UserGate 6.1.4 Release (build 6.1.4.11011R, 17/11/2021)
Сhanges in new version:
- Added syslog rotation by log size.
- Added BGP allowas-in functionality.
- Added ability to use symbols * and ^ in mail addresses in mail addresses library.
- Added ability to show SNAT addresses in NAT and routing rules grid.
- Added ability to have simultaneous connections to SSH CLI.
- Added ability to disable collection of additional debugging information from CLI.
- Improved view of errors of sync cluster's nodes with UGMC.
- Improved UserGate stability.
- Improved statistics database update procedure during software update.
- Improved stability of proxy agent UserGate.
- Improved stability of IDPS module.
- Improved stability of authentication agent for terminal services.
- Improved SSL rules processing when client does not send SNI.
- Improved search speed of big lists of IP addresses and URLs.
- Improved search for content of morphology databases.
- Improved search for content of fields in content filtering rules.
- Improved remote administrator service, in case port 22 is blocked with reject packet sent.
- Improved processing of DNS requests if some of DNS servers are not responding.
- Improved performance of simultaneous authentication of large number of users.
- Improved performance by made DNS SRTT metric is non clusterable.
- Improved overall stability of UserGate.
- Improved new IDPS and L7 lists update procedure to eliminate corrupted signatures from being loaded.
- Improved logging levels for NAT, DNAT and Port forwarding rules.
- Improved L7 application processing.
- Improved import of network settings to all cluster's nodes.
- Improved IDPS performance.
- Improved IDPS performance on high speed traffic.
- Improved HA cluster configuration view.
- Improved export configuration - added overridden domains to export.
- Improved DNS over TCP requests processing.
- Improved displaying of time in logs, removed fractions of second.
- Improved CPU cores load. Added support for up to 256 cores.
- Improved check for overlapping when assigning virtual IP address in a VRF.
- Improved check for correctness of cluster node name. Added ability to use '-' symbol in node name.
- Improved Captive portal rules view if there are more than 20 rules.
- Improved API functions checks for correctness of calls.
- Improved and optimized logging of IDPS events. Removed excessive events logging to traffic log.
- Improved algorithm of applying changes to configuration of ospf, bgp, rim and pim routers.
- Improve performance of determining of output zone.
- Fixed vulnerability BDU:W-2021-00199, no header Content-Security-Policy.
- Fixed vulnerability BDU:W-2021-00200, no header Strict-Transport-Security (HSTS).
- Fixed vulnerability BDU:W-2021-00191, allowing XSS attack on search string in Logs and reports page.
- Fixed vulnerability BDU:W-2021-00192, allowing SQL injection attack on search string in Logs and reports page.
- Fixed vulnerability BDU:W-2021-00189, allowing to create a local user with not complex password.
- Fixed vulnerability BDU:W-2021-00202, no header X-XSS-Protection.
- Fixed some minor dialog problems after override domain's category.
- Fixed SMTP service crash when receiving emails from gmail.com.
- Fixed search for IP address in port forwarding rules.
- Fixed search by source address in NAT and routing rules.
- Fixed rules processing for rules with negate for url list.
- Fixed rules filtering problem based on enable/disabled rule option in NAT and routing.
- Fixed problem with web-console hangs when editing of local user with high number of local users.
- Fixed problem with VLAN tag removal in case of redirecting traffic from one VLAN to another, or from VLAN to an access port.
- Fixed problem with VLAN interfaces created on Bond interface are down after server restarted.
- Fixed problem with using of deprecated UDP port 8472 for VXLAN communications instead of 4789.
- Fixed problem with using default gateway for Default VRF if no default gateway configured in custom VRF.
- Fixed problem with UserGate hangs in some cases if Intel networks cards are in use.
- Fixed problem with URL lists containing domains in Cyrillic.
- Fixed problem with URL category check if URL contains leading or trailing spaces.
- Fixed problem with updating large number of VLAN interfaces in one click.
- Fixed problem with unable to connect error in web console if searching LDAP group and LDAP server's host cannot be resolved.
- Fixed problem with triggering scenario for IDPS event for LDAP group.
- Fixed problem with TCP window size which can lead to high memory use in some cases.
- Fixed problem with switching of BGP router in Active-Passive cluster when master role is transferred to reserved node.
- Fixed problem with some settings lost when changing OSPF router.
- Fixed problem with slow downloading speed if SSL inspection is enabled.
- Fixed problem with showing user as Unknown in traffic log, while it was authenticated by auth agent for Windows.
- Fixed problem with showing of gateways by gateway list CLI command.
- Fixed problem with routes and gateways which were created in CLI are not shown in web console in some cases.
- Fixed problem with restoring UGMC from backup.
- Fixed problem with page modification mark is not displayed in some cases in UGMC templates.
- Fixed problem with notification about incorrect checksum for file settings.pyc.
- Fixed problem with no rule name is displayed in IDPS logs.
- Fixed problem with no logging of DoS protection rules on zones.
- Fixed problem with no logging configuration is in exported config.
- Fixed problem with no information about number of packets of triggered DoS rule for zone in traffic log.
- Fixed problem with no information about mime type in log when blocking by mime-type.
- Fixed problem with no displaying of BGP neighbor status in custom VRF.
- Fixed problem with no content filtering for L2 or L3 bridge interfaces.
- Fixed problem with moving of pre and post rules from local UserGate console.
- Fixed problem with locking of administrators account in case of exceeding number of false authentication attempts.
- Fixed problem with LDAP administrator logging in to web console happened in some cases.
- Fixed problem with large attachment over POP3 protocol blocked by mail security rules.
- Fixed problem with IP assignment to the interface after restoring configuration, if it had different mode in saved configuration.
- Fixed problem with incorrect weight is assigned to a morphology phrase if phrase assigned from UGMC.
- Fixed problem with incorrect uptime provided by SNMP.
- Fixed problem with incorrect sequence of prefix lists and routemaps in BGP.
- Fixed problem with incorrect rules processing for local users, happening in some cases.
- Fixed problem with incorrect processing of policies with LDAP groups in cluster.
- Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
- Fixed problem with incorrect displaying of cluster IP address on slave node.
- Fixed problem with inability to send IDPS log records to external syslog server.
- Fixed problem with inability to save value in Keep-alive time field of Mulitcast router.
- Fixed problem with inability to log in as Admin@emergency to CLI over SSH.
- Fixed problem with inability to export configuration by read only administrator.
- Fixed problem with inability to disable network interface from interface configuration dialog, if IP address was obtained by DHCP and there is another interface with address in the same range.
- Fixed problem with inability to delete VRF, which was created on the cluster node which was deleted.
- Fixed problem with inability to delete VLAN if it is created on disabled physical interface.
- Fixed problem with inability to create LDAP connector if use digits in LDAP domain name field.
- Fixed problem with inability to apply metric to non-unicast routes.
- Fixed problem with inability to add DHCP relay on disabled interface.
- Fixed problem with IDPS module crashes during disabling it or updating signatures, happening in some cases.
- Fixed problem with HTTP/S connection freezes in some cases in transparent proxy mode.
- Fixed problem with high vCPU utilization caused by changes of updatable lists.
- Fixed problem with high vCPU usage during authentication of large number of users in cluster active-passive.
- Fixed problem with high CPU usage during DDoS attacks and enabled DoS protection.
- Fixed problem with high CPU load in case of several administrators connected to CLI over SSH.
- Fixed problem with gateway status does not update if unplug and then plug cable in.
- Fixed problem with gateway disappearing, if it was created before first initialization of system.
- Fixed problem with factory reset function after applying UGMC update.
- Fixed problem with erasing routes and gateways created from CLI after first initialization of UserGate.
- Fixed problem with downloading of files via ftp over http.
- Fixed problem with displaying of carriage return symbol in CLI over SSH for Windows computers.
- Fixed problem with code injection in Safe browsing rules.
- Fixed problem with cluster node registration error if Cyrillic symbols were used in registration form.
- Fixed problem with cluster configuration not imported from exported configuration.
- Fixed problem with changing OSPF encrypted authentication key.
- Added check for source zone presence in reverse proxy rules to avoid potential conflict with Captive portal rules.
- Fixed problem with Captive authentication with defined destination IPs.
- Fixed problem with applying negate action for services in firewall, IDPS and traffic shaping rules.
- Fixed problem with applying empty lists assigned from UGMC.
- Fixed problem with application identification for some applications.
- Fixed problem with append community option is not saved for routemap in BGP.
- Fixed problem with announcement of BGP routes happening in some cases.
- Fixed problem with adding rule and placing it on top of the rules for Nat and routing, IDPS, Reverse proxy and VPN rules.
- Fixed problem with adding bridge and bond types of interfaces to a static route.
- Fixed problem with accessing console by LDAP administrator created in UGMC.
- Fixed problem with ability to delete certificate which is in use by web portal.
- Fixed problem when users are not counted if explicit proxy is used on non-default port.
- Fixed problem when exported configuration does not contain DNS information.
- Fixed problem when changing user's group does not effect in UserGate if auth agent for Windows is used for authentication.
- Fixed problem of identification of local users with assigned IP addresses if Captive portal is configured.
- Fixed problem of file upload over HTTP-proxy connection.
- Fixed problem of enabling all VLANs on the interface in case of disabling and then enabling of physical interface.
- Fixed problem of blocking valid traffic due to incorrect setting of the source zone for some of the packets passing through the custom VRF.
- Fixed problem of automatic changing port's mode to Manual after link outage.
- Fixed mail security problem if set SMTP/S service without destination port specified.
- Fixed incorrect work of content filtering rules with Warn action.
- Fixed incorrect coding of messages in the event log for lists with Cyrillic letters.
- Fixed error which may happen when deleting of secondary NTP server.
- Fixed error when read only administrator checks LDAP connector connectivity.
- Fixed error of displaying of log with catlog command when connected to CLI as Admin@emergency.
- Fixed error message for license activation without connectivity to the license server.
- Fixed error if administrator is trying to delete several firewall rules together with default block rule.
- Fixed error happening when creating morphology list.
- Fixed content filtering if destination addresses contains URL list with destination domains.
- Fixed connection error while trying to connect to Log Analyzer server from UserGate over UGMC console.
- Fixed check if zone is used in rules when deleting zone.
UserGate 6.1.3 Release (build 6.1.3.10787R, 19/08/2021)
Сhanges in version 6.1.3:
- Added validation for AS number field in BGP virtual router.
- Added ability to add domain users to local groups.
- Added ability to add IP range to IP lists.
- Added ability to change pre rules to post and vice versa.
- Added ability to enable/disable VPN rule, which came from MC.
- Added ability to extend data partitions to several disks.
- Added ability to keep original values for windows scaling, sack, mss and timestamp options for connections over proxy.
- Added ability to show number of users connected over UserGate in case of unlimited license.
- Added ability to show templates included to group of templates in managed devices view.
- Added ability to use more than 15 countries in geoip restriction in rules.
- Added description for detected applications on traffic log page.
- Added error message when connecting to Cisco VPN in Site-to-Site case and preshared key is not matched.
- Added new widget for total unique user count for a period of time.
- Added sorting to users list.
- Added support for DES crypto algorithm to VPN.
- Added traffic monitoring page in diagnosis section to show users connections in real time with in and out speed.
- Added validation for entered values in Key field of network adapter settings in OSPF configuration.
- Added warning if set proxy server to use standard ports (80, 443).
- Added warning page for Force changes button in Firewall policy settings.
- Improved and optimized processing of content filtering rules.
- Improved and speed up content filtering processing of users requests.
- Improved check for interface is not used in any of routing protocols in virtual routers while deleting the interface from virtual router.
- Improved displaying of found users, added first and last name along with username.
- Improved DNS service stability on UDP.
- Improved error message for situations where no connectivity between cluster's nodes.
- Improved IDPS stability.
- Improved L7 application processing.
- Improved modules loading procedure during boot process.
- Improved naming for UGOS updates for LogAn, NGFW and MC.
- Improved process of changing rule type from SNAT to PBR.
- Improved proxy server stability in some modes.
- Improved replication stability of libraries lists between cluster's nodes.
- Improved search for content of fields in content filtering rules.
- Improved server's boot speed if server has at least one interface configured with DHCP address and DHCP sends hostname.
- Improved some fields on registration form.
- Improved stability of load balancing if proxy is enabled.
- Improved users state synchronization between cluster nodes.
- Improved validation of path rewrite fields in Reverse proxy rules.
- Improved view of large numbers of elements.
- Improved VPN stability.
- Improved VRF update procedure.
- Improved work with NICs which were removed physically, but still remain in the system.
- Increased time allocated for UserGate to apply firewall rules.
- Removed validation of AD availability when creating AD connector in MC.
- Fixed bond interface work in specific modes.
- Fixed DNS errors for some specific DNS requests.
- Fixed DNS resolution when default gateways exist in default VRF and client's VRF, and explicit proxy configured.
- Fixed error happened when moving rule to another position in the list.
- Fixed error when calling traceroute command on VPN interface in Diagnostics and monitoring.
- Fixed error when creating load balancing rule and left field port empty on Fallback settings.
- Fixed errors when creating a custom report in LogAn.
- Fixed errors when generating some reports.
- Fixed incorrect displaying of AD users with Cyrillic letters in web access log.
- Fixed incorrect pairs of interfaces for bypass bridge.
- Fixed memory leak in network system under high load.
- Fixed memory leak which happened in some cases.
- Fixed permissions list available for managing from administrators profile.
- Fixed problem incorrect rule placement when creating.
- Fixed problem when content filtering by URL does not work in some cases.
- Fixed problem when UserGate does not accept authentication information from browser and shows Captive portal window.
- Fixed problem when web-console can occupy TCP port which is used for statistics service.
- Fixed problem with ability to get to the web console at addresses login.captive and logout.captive.
- Fixed problem with ability to import arbitrary words to IP lists.
- Fixed problem with adding or deleting of interface to RIP router.
- Fixed problem with applying firewall rules with negate option enabled in source/dest zones condition.
- Fixed problem with authentication Kerberos users after server restart.
- Fixed problem with CLI command catlog.
- Fixed problem with content filtering rules applied to DNS filtering only.
- Fixed problem with content filtering rules with time restriction, which are not triggered on time zone set in general settings.
- Fixed problem with creating IDPS profile.
- Fixed problem with creating more than 16 zones.
- Fixed problem with creation of mail security widget.
- Fixed problem with cyclic block page reload happened in some cases.
- Fixed problem with deleting bond interface from CLI.
- Fixed problem with DHCP-relay configuration is not saved.
- Fixed problem with disconnection from some sites, if client is in VRF.
- Fixed problem with DNS proxy and clients connected from VRF.
- Fixed problem with DNS rules do not work.
- Fixed problem with downloading files from ftp servers via ftp over http in browser.
- Fixed problem with downloading of all routes in Diagnostics and monitoring.
- Fixed problem with empty backup files created after update to 6.1.2.
- Fixed problem with erasing routes and gateways created from CLI after first initialization of UserGate.
- Fixed problem with error while stopping running ping command in diagnostics and monitoring.
- Fixed problem with errors while adding http cache exclusions.
- Fixed problem with excessive resources use by displaying of blocking page.
- Fixed problem with exhausting number of licensed users by connections to not existing services on UserGate and DNAT and port map publications.
- Fixed problem with exporting certificate with chain.
- Fixed problem with filtering and sorting in applications.
- Fixed problem with filtering by MIME type.
- Fixed problem with filtering by referrer.
- Fixed problem with filtering by SNI, if SNI is in capital letters.
- Fixed problem with gateway received from DHCP takes over manually assigned default gateway after reboot.
- Fixed problem with importing morphology lists.
- Fixed problem with inability to move NAT rules.
- Fixed problem with inability to change language on login page.
- Fixed problem with inability to check connectivity to AD controller, if AD connector object delivered from MC.
- Fixed problem with inability to disable logging in NAT and routing rules.
- Fixed problem with inability to run OSPF on VPN interfaces.
- Fixed problem with inability to save SSL profile in some cases.
- Fixed problem with inability to select applications by application categories in firewall rules.
- Fixed problem with incorrect administrators permissions shown in web console after applying UGOS update in some cases.
- Fixed problem with incorrect closing of users' sessions which led to strange connectivity problems.
- Fixed problem with incorrect displaying of number of static routes defined in virtual router.
- Fixed problem with incorrect DNS resolution for child domains in DNS rules.
- Fixed problem with incorrect export of custom morphology lists.
- Fixed problem with incorrect L2TP tunnel re-creation if it existed before and was broken.
- Fixed problem with incorrect OSPF zone deletion.
- Fixed problem with incorrect processing of content filtering rules with option negate enabled for users condition.
- Fixed problem with incorrect processing of rules for a local group of users who self registered via Captive portal.
- Fixed problem with incorrect work of rules with time restriction.
- Fixed problem with installed update is listed as available again during cluster configuration update.
- Fixed problem with IP list is not applied on the second cluster node.
- Fixed problem with Kerberos authentication in transparent mode.
- Fixed problem with no filtering by URL if SSL inspection is on and capital letters are used for address in browser.
- Fixed problem with no logging for SSL inspection rules.
- Fixed problem with no soring in IDPS profiles.
- Fixed problem with no SSH inspection rules are in exported config.
- Fixed problem with no username and user's IP address on blocking page if block page is shown on another device in a cluster.
- Fixed problem with non-blocking HTTP/S based applications by firewall rules in transparent proxy mode.
- Fixed problem with not showing URL category on the block page for which it was blocked.
- Fixed problem with opening web sites by IP address via explicit proxy.
- Fixed problem with PMTU is not delivered to client if client has explicit proxy configured in browser.
- Fixed problem with proxy server doesn't work on custom port.
- Fixed problem with removing one existing DHCP option while adding another one.
- Fixed problem with routes and gateways which were created in CLI are not shown in web console in some cases.
- Fixed problem with rules with domain groups are not applied to users.
- Fixed problem with scenarios which configured for a domain group.
- Fixed problem with searching in IPS profiles.
- Fixed problem with sending notifications for configurations changes.
- Fixed problem with shaping of HTTP/HTTPS traffic.
- Fixed problem with showing Warning page for content filtering rules with action warning, which happened if blocking content is embedded into another page.
- Fixed problem with Site-to-Site VPN disconnection if no traffic are passed over tunnel.
- Fixed problem with slow downloading speed if SSL inspection is enabled.
- Fixed problem with SSL handshake error with no NAT in transparent proxy.
- Fixed problem with SSL inspection in transparent mode if rule contains condition for domain or category.
- Fixed problem with SSL inspection in user's VRF.
- Fixed problem with traffic capturing.
- Fixed problem with UDP packet loss on high load.
- Fixed problem with unlocking of previously locked administrators.
- Fixed problem with uploading logs to ftp servers.
- Fixed problem with URL lists containing domains in Cyrillic.
- Fixed problem with UserGate crashes with bridge interfaces in some cases.
- Fixed problem with users authenticated by Windows agent lose connectivity in cluster, if one cluster node became unavailable.
- Fixed problem with using of predefined applications group ALL in firewall rules.
- Fixed several issues with configuring VRF.
UserGate 6 Release (build 6.1.2.10523R, 19/05/2021)
Сhanges in version 6:
- Added ability create reports for up to 100000 users.
- Added ability to use underscore symbol in VPN preshared key.
- Improved applying of big IDPS signatures list.
- Improved cluster stability with processing of big lists.
- Improved connectivity checker work with NAT configured.
- Improved L7 module stability.
- Improved some displays during device boot.
- Improved SSL inspection processing algorithm.
- Improved UserGate stability.
- Fixed Bad request error when connecting to Captive portal in cluster configuration.
- Fixed basic authentication for https traffic.
- Fixed concurrent write to users table problem.
- Fixed error in SSH inspection rules allowed to set incorrect service in the rule.
- Fixed error which allowed to remove template from UGMC which was in us on UserGate device.
- Fixed errors which can cause conntrack table overflow.
- Fixed high memory usage when sending big files over UserGate.
- Fixed memory leak.
- Fixed PEER field absence in PPPoE connection.
- Fixed problem allowing to delete phone list which is in use in rules.
- Fixed problem of default gateway over PPPoE connection.
- Fixed problem of disconnecting Site-to-Site VPN if no traffic transmitted.
- Fixed problem of gateways disappeared after device rebooted.
- Fixed problem when content filtering rule was not updated if morphology dictionary updated.
- Fixed problem when newly created firewall rule does not set to specified position in the rules list.
- Fixed problem with exporting URL lists containing unicode symbols.
- Fixed problem with incorrect route adding via CLI.
- Fixed problem with Negate action in SSH inspection rules.
- Fixed SSL inspection rule, if it is created with specific service set.
UserGate 6 Release (build 6.1.1.10462R 26/04/2021)
Сhanges in version 6:
- Added ability to show RIP routes in web-console.
- Added ability to show traffic load by users.
- Fixed error Object not found when deleting IP address from the IP list.
- Fixed problem when object was deleted in UGMC, but it was in use in local rules.
- Fixed problem with adding a gateway with interface set to auto.
- Fixed problem with adding custom morphology list.
- Fixed problem with connectivity checker after new gateway added.
- Fixed problem with content filtering rules which do not work for explicit proxy clients and destination zone set.
- Fixed problem with exporting logs by cron timer.
- Fixed problem with loop block page redirect for explicit proxy users and external block page.
- Fixed problem with loosing packets of VIPNet VPN traffic.
- Fixed problem with making report Configuration changes summary by components.
- Fixed problem with NAT rules which stops working sometimes.
- Fixed problem with no emails sent over UserGate if Mail security is enabled.
- Fixed problem with non working default gateway for PPPoE connection.
- Fixed problem with proxying of DNAT traffic.
- Fixed problem with sending data to all ICAP servers in ICAP load balancer.
- Fixed saw-graph of current users in the Dashboard.
- Improved default mail security rule - added services SMTPS and POP3S.
- Improved grid view of rules with session start and every packet logging.
- Improved open sockets management.
- Improved performance of displaying large number of firewall rules.
- Improved performance of UserGate URL categories matching.
UserGate 6 Release (build 6.1.0.10409R, 9.04.2021)
Main changes in version 6:
- Added support for centralized management of Usergate devices with UserGate Management Center.
- Added VRF support.
- Added multicast routing support. UserGate supports Source Specific Multicast (SSM) and Any Source Multicast (ASM) modes, and IGMPv3 и IGMPv2 protocols for endpoints.
- Added RIP support.
- Firewall performance measured on IMIX traffic increased up to 10 times.
- Web filtering performance increased in several times.
- Developed new high performance IDPS engine.
- Improved performance of rule processing algorithm.
- Improved performance of LDAP authentication process.
- Added SSH inspection.
- Added ability for granular control of SSL inspection.
- Added support for Russian GOST TLS for UserGate services and SSL inspection.
- Added support for OPCUA SCADA protocol.
- Added support for processing of mirrored SCADA traffic.
- Added change control for all or specific changes made by administrators.
- Increased number of security zones to 255.