Changes in UserGate 6

UserGate 6.1.4 Release (build 6.1.4.11011R, 17/11/2021)

Changes in the new version:

  • Added syslog rotation by log size.
  • Added BGP allowas-in functionality.
  • Added ability to use the symbols * and ^ in mail addresses in the mail addresses library.
  • Added ability to show SNAT addresses in NAT and routing rules grid.
  • Added ability to have simultaneous connections to SSH CLI.
  • Added ability to disable collection of additional debugging information from CLI.
  • Improved view of synchronization errors between cluster nodes and UGMC.
  • Improved UserGate stability.
  • Improved statistics database update procedure during software update.
  • Improved stability of proxy agent UserGate.
  • Improved stability of IDPS module.
  • Improved stability of authentication agent for terminal services.
  • Improved SSL rules processing when client does not send SNI.
  • Improved search speed of big lists of IP addresses and URLs.
  • Improved search for content of morphology databases.
  • Improved search for content of fields in content filtering rules.
  • Improved remote administrator service, in case port 22 is blocked with reject packet sent.
  • Improved processing of DNS requests if some of DNS servers are not responding.
  • Improved performance of simultaneous authentication of large number of users.
  • Improved performance by making the DNS SRTT metric non-clusterable.
  • Improved overall stability of UserGate.
  • Improved new IDPS and L7 lists update procedure to eliminate corrupted signatures from being loaded.
  • Improved logging levels for NAT, DNAT and Port forwarding rules.
  • Improved L7 application processing.
  • Improved import of network settings to all cluster's nodes.
  • Improved IDPS performance.
  • Improved IDPS performance on high speed traffic.
  • Improved HA cluster configuration view.
  • Improved export configuration - added overridden domains to export.
  • Improved DNS over TCP requests processing.
  • Improved displaying of time in logs, removed fractions of second.
  • Improved CPU cores load. Added support for up to 256 cores.
  • Improved check for overlapping when assigning virtual IP address in a VRF.
  • Improved check for correctness of cluster node name. Added ability to use '-' symbol in node name.
  • Improved Captive portal rules view if there are more than 20 rules.
  • Improved API functions checks for correctness of calls.
  • Improved and optimized logging of IDPS events. Removed excessive events logging to traffic log.
  • Improved algorithm of applying changes to configuration of OSPF, BGP, RIP and PIM routers.
  • Improved performance of determining the output zone.
  • Fixed vulnerability BDU:W-2021-00199: missing Content-Security-Policy header.
  • Fixed vulnerability BDU:W-2021-00200: missing Strict-Transport-Security (HSTS) header.
  • Fixed vulnerability BDU:W-2021-00191, which allowed an XSS attack through the search string on the Logs and reports page.
  • Fixed vulnerability BDU:W-2021-00192, which allowed an SQL injection attack through the search string on the Logs and reports page.
  • Fixed vulnerability BDU:W-2021-00189, which allowed creating a local user with a non-complex password.
  • Fixed vulnerability BDU:W-2021-00202: missing X-XSS-Protection header.
  • Fixed some minor dialog problems after overriding a domain's category.
  • Fixed SMTP service crash when receiving emails from gmail.com.
  • Fixed search for IP address in port forwarding rules.
  • Fixed search by source address in NAT and routing rules.
  • Fixed processing of rules with negate set for a URL list.
  • Fixed problem with filtering rules by the enabled/disabled rule option in NAT and routing.
  • Fixed problem with web console hanging when editing a local user if there is a high number of local users.
  • Fixed problem with VLAN tag removal in case of redirecting traffic from one VLAN to another, or from VLAN to an access port.
  • Fixed problem with VLAN interfaces created on a bond interface being down after server restart.
  • Fixed problem with using of deprecated UDP port 8472 for VXLAN communications instead of 4789.
  • Fixed problem with using the default gateway for the Default VRF if no default gateway is configured in a custom VRF.
  • Fixed problem with UserGate hanging in some cases if Intel network cards are in use.
  • Fixed problem with URL lists containing domains in Cyrillic.
  • Fixed problem with URL category check if URL contains leading or trailing spaces.
  • Fixed problem with updating large number of VLAN interfaces in one click.
  • Fixed problem with an "unable to connect" error in web console when searching for an LDAP group if the LDAP server's host cannot be resolved.
  • Fixed problem with triggering scenario for IDPS event for LDAP group.
  • Fixed problem with TCP window size which can lead to high memory use in some cases.
  • Fixed problem with switching of BGP router in Active-Passive cluster when master role is transferred to reserved node.
  • Fixed problem with some settings lost when changing OSPF router.
  • Fixed problem with slow downloading speed if SSL inspection is enabled.
  • Fixed problem with showing a user as Unknown in traffic log although the user was authenticated by auth agent for Windows.
  • Fixed problem with showing of gateways by gateway list CLI command.
  • Fixed problem with routes and gateways created in CLI not being shown in web console in some cases.
  • Fixed problem with restoring UGMC from backup.
  • Fixed problem with page modification mark not being displayed in some cases in UGMC templates.
  • Fixed problem with notification about incorrect checksum for file settings.pyc.
  • Fixed problem with rule name not being displayed in IDPS logs.
  • Fixed problem with no logging of DoS protection rules on zones.
  • Fixed problem with logging configuration missing from exported config.
  • Fixed problem with no information about number of packets of triggered DoS rule for zone in traffic log.
  • Fixed problem with no information about mime type in log when blocking by mime-type.
  • Fixed problem with BGP neighbor status not being displayed in custom VRF.
  • Fixed problem with no content filtering for L2 or L3 bridge interfaces.
  • Fixed problem with moving of pre and post rules from local UserGate console.
  • Fixed problem with locking of an administrator's account when the number of failed authentication attempts is exceeded.
  • Fixed problem with LDAP administrator logging in to web console, which happened in some cases.
  • Fixed problem with large attachment over POP3 protocol blocked by mail security rules.
  • Fixed problem with IP assignment to the interface after restoring configuration, if it had different mode in saved configuration.
  • Fixed problem with incorrect weight being assigned to a morphology phrase if the phrase is assigned from UGMC.
  • Fixed problem with incorrect uptime provided by SNMP.
  • Fixed problem with incorrect sequence of prefix lists and routemaps in BGP.
  • Fixed problem with incorrect rules processing for local users, happening in some cases.
  • Fixed problem with incorrect processing of policies with LDAP groups in cluster.
  • Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
  • Fixed problem with incorrect displaying of cluster IP address on slave node.
  • Fixed problem with inability to send IDPS log records to external syslog server.
  • Fixed problem with inability to save value in Keep-alive time field of Multicast router.
  • Fixed problem with inability to log in as Admin@emergency to CLI over SSH.
  • Fixed problem with inability to export configuration by read only administrator.
  • Fixed problem with inability to disable network interface from interface configuration dialog, if IP address was obtained by DHCP and there is another interface with address in the same range.
  • Fixed problem with inability to delete VRF, which was created on the cluster node which was deleted.
  • Fixed problem with inability to delete VLAN if it is created on disabled physical interface.
  • Fixed problem with inability to create LDAP connector if digits are used in the LDAP domain name field.
  • Fixed problem with inability to apply metric to non-unicast routes.
  • Fixed problem with inability to add DHCP relay on disabled interface.
  • Fixed problem with IDPS module crashes during disabling it or updating signatures, happening in some cases.
  • Fixed problem with HTTP/S connection freezes in some cases in transparent proxy mode.
  • Fixed problem with high vCPU utilization caused by changes of updatable lists.
  • Fixed problem with high vCPU usage during authentication of large number of users in cluster active-passive.
  • Fixed problem with high CPU usage during DDoS attacks and enabled DoS protection.
  • Fixed problem with high CPU load in case of several administrators connected to CLI over SSH.
  • Fixed problem with gateway status not updating if the cable is unplugged and then plugged back in.
  • Fixed problem with gateway disappearing, if it was created before first initialization of system.
  • Fixed problem with factory reset function after applying UGMC update.
  • Fixed problem with erasing routes and gateways created from CLI after first initialization of UserGate.
  • Fixed problem with downloading of files via ftp over http.
  • Fixed problem with displaying of carriage return symbol in CLI over SSH for Windows computers.
  • Fixed problem with code injection in Safe browsing rules.
  • Fixed problem with cluster node registration error if Cyrillic symbols were used in registration form.
  • Fixed problem with cluster configuration not imported from exported configuration.
  • Fixed problem with changing OSPF encrypted authentication key.
  • Added check for source zone presence in reverse proxy rules to avoid potential conflict with Captive portal rules.
  • Fixed problem with Captive authentication with defined destination IPs.
  • Fixed problem with applying negate action for services in firewall, IDPS and traffic shaping rules.
  • Fixed problem with applying empty lists assigned from UGMC.
  • Fixed problem with application identification for some applications.
  • Fixed problem with append community option not being saved for routemap in BGP.
  • Fixed problem with announcement of BGP routes happening in some cases.
  • Fixed problem with adding rule and placing it on top of the rules for Nat and routing, IDPS, Reverse proxy and VPN rules.
  • Fixed problem with adding bridge and bond types of interfaces to a static route.
  • Fixed problem with accessing console by LDAP administrator created in UGMC.
  • Fixed problem with ability to delete certificate which is in use by web portal.
  • Fixed problem when users are not counted if explicit proxy is used on non-default port.
  • Fixed problem when exported configuration does not contain DNS information.
  • Fixed problem when changing a user's group does not take effect in UserGate if auth agent for Windows is used for authentication.
  • Fixed problem of identification of local users with assigned IP addresses if Captive portal is configured.
  • Fixed problem of file upload over HTTP-proxy connection.
  • Fixed problem of enabling all VLANs on the interface in case of disabling and then enabling of physical interface.
  • Fixed problem of blocking valid traffic due to incorrect setting of the source zone for some of the packets passing through the custom VRF.
  • Fixed problem of automatic changing port's mode to Manual after link outage.
  • Fixed mail security problem when the SMTP/S service is set without a destination port specified.
  • Fixed incorrect work of content filtering rules with Warn action.
  • Fixed incorrect coding of messages in the event log for lists with Cyrillic letters.
  • Fixed error which may happen when deleting a secondary NTP server.
  • Fixed error when read only administrator checks LDAP connector connectivity.
  • Fixed error of displaying of log with catlog command when connected to CLI as Admin@emergency.
  • Fixed error message for license activation without connectivity to the license server.
  • Fixed error if administrator is trying to delete several firewall rules together with default block rule.
  • Fixed error happening when creating morphology list.
  • Fixed content filtering if destination addresses contain a URL list with destination domains.
  • Fixed connection error while trying to connect to Log Analyzer server from UserGate over UGMC console.
  • Fixed check if zone is used in rules when deleting zone.

UserGate 6.1.3 Release (build 6.1.3.10787R, 19/08/2021)

Changes in version 6.1.3:

  • Added validation for AS number field in BGP virtual router.
  • Added ability to add domain users to local groups.
  • Added ability to add IP range to IP lists.
  • Added ability to change pre rules to post and vice versa.
  • Added ability to enable/disable VPN rule, which came from MC.
  • Added ability to extend data partitions to several disks.
  • Added ability to keep original values for windows scaling, sack, mss and timestamp options for connections over proxy.
  • Added ability to show number of users connected over UserGate in case of unlimited license.
  • Added ability to show templates included to group of templates in managed devices view.
  • Added ability to use more than 15 countries in geoip restriction in rules.
  • Added description for detected applications on traffic log page.
  • Added error message when connecting to Cisco VPN in Site-to-Site case and preshared key is not matched.
  • Added new widget for total unique user count for a period of time.
  • Added sorting to users list.
  • Added support for DES crypto algorithm to VPN.
  • Added traffic monitoring page in diagnosis section to show users connections in real time with in and out speed.
  • Added validation for entered values in Key field of network adapter settings in OSPF configuration.
  • Added warning if the proxy server is set to use standard ports (80, 443).
  • Added warning page for Force changes button in Firewall policy settings.
  • Improved and optimized processing of content filtering rules.
  • Improved and sped up content filtering processing of users' requests.
  • Improved check that an interface is not used in any routing protocol in virtual routers when deleting the interface from a virtual router.
  • Improved displaying of found users, added first and last name along with username.
  • Improved DNS service stability on UDP.
  • Improved error message for situations where there is no connectivity between cluster nodes.
  • Improved IDPS stability.
  • Improved L7 application processing.
  • Improved modules loading procedure during boot process.
  • Improved naming for UGOS updates for LogAn, NGFW and MC.
  • Improved process of changing rule type from SNAT to PBR.
  • Improved proxy server stability in some modes.
  • Improved replication stability of libraries lists between cluster's nodes.
  • Improved search for content of fields in content filtering rules.
  • Improved server's boot speed if server has at least one interface configured with DHCP address and DHCP sends hostname.
  • Improved some fields on registration form.
  • Improved stability of load balancing if proxy is enabled.
  • Improved users state synchronization between cluster nodes.
  • Improved validation of path rewrite fields in Reverse proxy rules.
  • Improved view of large numbers of elements.
  • Improved VPN stability.
  • Improved VRF update procedure.
  • Improved work with NICs which were removed physically, but still remain in the system.
  • Increased time allocated for UserGate to apply firewall rules.
  • Removed validation of AD availability when creating AD connector in MC.
  • Fixed bond interface work in specific modes.
  • Fixed DNS errors for some specific DNS requests.
  • Fixed DNS resolution when default gateways exist in default VRF and client's VRF, and explicit proxy configured.
  • Fixed error that happened when moving a rule to another position in the list.
  • Fixed error when calling traceroute command on VPN interface in Diagnostics and monitoring.
  • Fixed error when creating a load balancing rule with the port field left empty in Fallback settings.
  • Fixed errors when creating a custom report in LogAn.
  • Fixed errors when generating some reports.
  • Fixed incorrect displaying of AD users with Cyrillic letters in web access log.
  • Fixed incorrect pairs of interfaces for bypass bridge.
  • Fixed memory leak in network system under high load.
  • Fixed memory leak which happened in some cases.
  • Fixed permissions list available for managing from administrators profile.
  • Fixed problem with incorrect rule placement when creating a rule.
  • Fixed problem when content filtering by URL does not work in some cases.
  • Fixed problem when UserGate does not accept authentication information from browser and shows Captive portal window.
  • Fixed problem when web-console can occupy TCP port which is used for statistics service.
  • Fixed problem with ability to get to the web console at addresses login.captive and logout.captive.
  • Fixed problem with ability to import arbitrary words to IP lists.
  • Fixed problem with adding or deleting of interface to RIP router.
  • Fixed problem with applying firewall rules with negate option enabled in source/dest zones condition.
  • Fixed problem with authentication Kerberos users after server restart.
  • Fixed problem with CLI command catlog.
  • Fixed problem with content filtering rules applied to DNS filtering only.
  • Fixed problem with content filtering rules with time restriction, which are not triggered on time zone set in general settings.
  • Fixed problem with creating IDPS profile.
  • Fixed problem with creating more than 16 zones.
  • Fixed problem with creation of mail security widget.
  • Fixed problem with cyclic block page reload, which happened in some cases.
  • Fixed problem with deleting bond interface from CLI.
  • Fixed problem with DHCP-relay configuration not being saved.
  • Fixed problem with disconnection from some sites, if client is in VRF.
  • Fixed problem with DNS proxy and clients connected from VRF.
  • Fixed problem with DNS rules not working.
  • Fixed problem with downloading files from ftp servers via ftp over http in browser.
  • Fixed problem with downloading of all routes in Diagnostics and monitoring.
  • Fixed problem with empty backup files created after update to 6.1.2.
  • Fixed problem with erasing routes and gateways created from CLI after first initialization of UserGate.
  • Fixed problem with error while stopping running ping command in diagnostics and monitoring.
  • Fixed problem with errors while adding http cache exclusions.
  • Fixed problem with excessive resources use by displaying of blocking page.
  • Fixed problem with exhausting number of licensed users by connections to non-existent services on UserGate and DNAT and port map publications.
  • Fixed problem with exporting certificate with chain.
  • Fixed problem with filtering and sorting in applications.
  • Fixed problem with filtering by MIME type.
  • Fixed problem with filtering by referrer.
  • Fixed problem with filtering by SNI, if SNI is in capital letters.
  • Fixed problem with gateway received from DHCP taking over manually assigned default gateway after reboot.
  • Fixed problem with importing morphology lists.
  • Fixed problem with inability to move NAT rules.
  • Fixed problem with inability to change language on login page.
  • Fixed problem with inability to check connectivity to AD controller, if AD connector object delivered from MC.
  • Fixed problem with inability to disable logging in NAT and routing rules.
  • Fixed problem with inability to run OSPF on VPN interfaces.
  • Fixed problem with inability to save SSL profile in some cases.
  • Fixed problem with inability to select applications by application categories in firewall rules.
  • Fixed problem with incorrect administrators permissions shown in web console after applying UGOS update in some cases.
  • Fixed problem with incorrect closing of users' sessions which led to strange connectivity problems.
  • Fixed problem with incorrect displaying of number of static routes defined in virtual router.
  • Fixed problem with incorrect DNS resolution for child domains in DNS rules.
  • Fixed problem with incorrect export of custom morphology lists.
  • Fixed problem with incorrect L2TP tunnel re-creation if it existed before and was broken.
  • Fixed problem with incorrect OSPF zone deletion.
  • Fixed problem with incorrect processing of content filtering rules with option negate enabled for users condition.
  • Fixed problem with incorrect processing of rules for a local group of users who self registered via Captive portal.
  • Fixed problem with incorrect work of rules with time restriction.
  • Fixed problem with installed update being listed as available again during cluster configuration update.
  • Fixed problem with IP list not being applied on the second cluster node.
  • Fixed problem with Kerberos authentication in transparent mode.
  • Fixed problem with no filtering by URL if SSL inspection is on and capital letters are used for address in browser.
  • Fixed problem with no logging for SSL inspection rules.
  • Fixed problem with no sorting in IDPS profiles.
  • Fixed problem with SSH inspection rules missing from exported config.
  • Fixed problem with no username and user's IP address on blocking page if block page is shown on another device in a cluster.
  • Fixed problem with non-blocking HTTP/S based applications by firewall rules in transparent proxy mode.
  • Fixed problem with not showing URL category on the block page for which it was blocked.
  • Fixed problem with opening web sites by IP address via explicit proxy.
  • Fixed problem with PMTU not being delivered to client if client has explicit proxy configured in browser.
  • Fixed problem with proxy server not working on custom port.
  • Fixed problem with removing one existing DHCP option while adding another one.
  • Fixed problem with routes and gateways which were created in CLI are not shown in web console in some cases.
  • Fixed problem with rules with domain groups not being applied to users.
  • Fixed problem with scenarios which are configured for a domain group.
  • Fixed problem with searching in IPS profiles.
  • Fixed problem with sending notifications for configurations changes.
  • Fixed problem with shaping of HTTP/HTTPS traffic.
  • Fixed problem with showing Warning page for content filtering rules with action warning, which happened if blocking content is embedded into another page.
  • Fixed problem with Site-to-Site VPN disconnection if no traffic is passed over the tunnel.
  • Fixed problem with slow downloading speed if SSL inspection is enabled.
  • Fixed problem with SSL handshake error with no NAT in transparent proxy.
  • Fixed problem with SSL inspection in transparent mode if rule contains condition for domain or category.
  • Fixed problem with SSL inspection in user's VRF.
  • Fixed problem with traffic capturing.
  • Fixed problem with UDP packet loss on high load.
  • Fixed problem with unlocking of previously locked administrators.
  • Fixed problem with uploading logs to ftp servers.
  • Fixed problem with URL lists containing domains in Cyrillic.
  • Fixed problem with UserGate crashes with bridge interfaces in some cases.
  • Fixed problem with users authenticated by Windows agent losing connectivity in cluster if one cluster node became unavailable.
  • Fixed problem with using of predefined applications group ALL in firewall rules.
  • Fixed several issues with configuring VRF.

UserGate 6 Release (build 6.1.2.10523R, 19/05/2021)

Changes in version 6:

  • Added ability to create reports for up to 100000 users.
  • Added ability to use underscore symbol in VPN preshared key.
  • Improved applying of big IDPS signatures list.
  • Improved cluster stability with processing of big lists.
  • Improved connectivity checker work with NAT configured.
  • Improved L7 module stability.
  • Improved some displays during device boot.
  • Improved SSL inspection processing algorithm.
  • Improved UserGate stability.
  • Fixed Bad request error when connecting to Captive portal in cluster configuration.
  • Fixed basic authentication for https traffic.
  • Fixed concurrent write to users table problem.
  • Fixed error in SSH inspection rules that allowed setting an incorrect service in the rule.
  • Fixed error which allowed removing a template from UGMC while it was in use on a UserGate device.
  • Fixed errors which can cause conntrack table overflow.
  • Fixed high memory usage when sending big files over UserGate.
  • Fixed memory leak.
  • Fixed PEER field absence in PPPoE connection.
  • Fixed problem that allowed deleting a phone list which is in use in rules.
  • Fixed problem of default gateway over PPPoE connection.
  • Fixed problem of disconnecting Site-to-Site VPN if no traffic transmitted.
  • Fixed problem of gateways disappearing after device reboot.
  • Fixed problem when content filtering rule was not updated if morphology dictionary was updated.
  • Fixed problem when newly created firewall rule is not placed at the specified position in the rules list.
  • Fixed problem with exporting URL lists containing unicode symbols.
  • Fixed problem with incorrect route adding via CLI.
  • Fixed problem with Negate action in SSH inspection rules.
  • Fixed SSL inspection rule, if it is created with specific service set.

UserGate 6 Release (build 6.1.1.10462R, 26/04/2021)

Changes in version 6:

  • Added ability to show RIP routes in web-console.
  • Added ability to show traffic load by users.
  • Fixed error Object not found when deleting IP address from the IP list.
  • Fixed problem when object was deleted in UGMC, but it was in use in local rules.
  • Fixed problem with adding a gateway with interface set to auto.
  • Fixed problem with adding custom morphology list.
  • Fixed problem with connectivity checker after new gateway added.
  • Fixed problem with content filtering rules which do not work for explicit proxy clients and destination zone set.
  • Fixed problem with exporting logs by cron timer.
  • Fixed problem with loop block page redirect for explicit proxy users and external block page.
  • Fixed problem with losing packets of VIPNet VPN traffic.
  • Fixed problem with making report Configuration changes summary by components.
  • Fixed problem with NAT rules which stop working sometimes.
  • Fixed problem with no emails sent over UserGate if Mail security is enabled.
  • Fixed problem with non-working default gateway for PPPoE connection.
  • Fixed problem with proxying of DNAT traffic.
  • Fixed problem with sending data to all ICAP servers in ICAP load balancer.
  • Fixed saw-graph of current users in the Dashboard.
  • Improved default mail security rule - added services SMTPS and POP3S.
  • Improved grid view of rules with session start and every packet logging.
  • Improved open sockets management.
  • Improved performance of displaying large number of firewall rules.
  • Improved performance of UserGate URL categories matching.

UserGate 6 Release (build 6.1.0.10409R, 9.04.2021)

Main changes in version 6:

  • Added support for centralized management of UserGate devices with UserGate Management Center.
  • Added VRF support.
  • Added multicast routing support. UserGate supports Source Specific Multicast (SSM) and Any Source Multicast (ASM) modes, and IGMPv3 and IGMPv2 protocols for endpoints.
  • Added RIP support.
  • Firewall performance measured on IMIX traffic increased up to 10 times.
  • Web filtering performance increased several times.
  • Developed new high performance IDPS engine.
  • Improved performance of rule processing algorithm.
  • Improved performance of LDAP authentication process.
  • Added SSH inspection.
  • Added ability for granular control of SSL inspection.
  • Added support for Russian GOST TLS for UserGate services and SSL inspection.
  • Added support for OPCUA SCADA protocol.
  • Added support for processing of mirrored SCADA traffic.
  • Added change control for all or specific changes made by administrators.
  • Increased number of security zones to 255.