Changes in UserGate 6

UserGate UserGate 6.1.9 (build 6.1.9.11836R, 16/01/2023).

Сhanges in new version:

  • Added Mincifra root certificate to the list of trusted certificates.
  • Added ability to analyze VLAN tagged traffic on mirrored port.
  • Added number of DNS servers check not to exceed 2 for VPN clients.
  • Added ability to use telephone numbers up to 15 digits long.
  • Added ability to create port forwarding rules without ports specified.
  • Updated the interfaces list from SNMP ifTable and ifXTable.
  • Increased timeout of second authentication factor confirmation.
  • Increased the number of multicast groups which UserGate can subscribed to to 200.
  • Improved watchdog procedure.
  • Improved VPN stability.
  • Improved UserGate NGFW stability.
  • Improved traffic capture operation, added file size limit to 2Gb.
  • Improved stability when WCCP is in use.
  • Improved stability when deployed on QEMU hypervisor.
  • Improved stability of authentication agent for terminal services.
  • Improved sorting of library lists in rules selectors.
  • Improved processing of user, if he exists in 2 or more domains with the same name.
  • Improved processing of DNS requests by IDPS.
  • Improved process of getting users information when a large amount of user sessions is established.
  • Improved procedure of applying configuration changes from UGMC to NGFW devices.
  • Improved order of displaying network ports in dashboard widget.
  • Improved NGFW overall stability.
  • Improved MC and NGFW sync process stability.
  • Improved LDAP connector performance.
  • Improved HA cluster stability.
  • Improved establishing of VPN connection with different hash algorithms on phase 1 and 2.
  • Improved display of IP addresses assigned via DHCP.
  • Improved detection of user's groups by auth agent when membership changed.
  • Improved configuration generating process in case of a large number of rules and library elements.
  • Improved cluster configuration with 3 or more nodes stability while rebooting some of nodes.
  • Improved General settings sync to NGFW devices.
  • Improved cluster split-brain recovery after connectivity outages.
  • Fixed the traffic capture filters error.
  • Fixed the local lists sync error in MC and NGFW cluster slave node synchronization process.
  • Fixed the bug of detecting the second network card bypass bridge interfaces.
  • Fixed sync error of captive profiles between MC and NGFW when profile parameters updated.
  • Fixed statistics database request execution error related to Active Directory conflict records.
  • Fixed SNMP Engine ID sync error when NGFW configurated via MC.
  • Fixed search query error in web access log when India used as traffic source/destination country.
  • Fixed safe browsing rules logging when SSL inspection enabled.
  • Fixed problem, when node status check in HA cluster could be unsuccessful in some cases.
  • Fixed problem with web portal which may work incorrectly in Active-Active cluster.
  • Fixed problem with web portal auth when TOTP MFA by SMS delivery used.
  • Fixed problem with VPN users authentication if they use netbios domain name.
  • Fixed problem with VPN reconnect to NGFW server when VIP repeatedly modified in Active-Passive cluster acting as a VPN client.
  • Fixed problem with updating of firewall rules in HA cluster if cluster virtual IPs have changed.
  • Fixed problem with triggering Captive portal rule if it has full URL in rule condition.
  • Fixed problem with TOTP reset for users with Cyrillic letters in names.
  • Fixed problem with storing data about users specified in MC rules after rules deleted.
  • Fixed problem with starting traffic capture on the cluster node, other than node where rule was created.
  • Fixed problem with SSL inspection for software anyconnect via explicit proxy.
  • Fixed problem with slow opening sites over transparent proxy mode which has TCP option window-scale set to 0.
  • Fixed problem with searching for url categories from content filtering rule edit dialogue.
  • Fixed problem with SAML authentication.
  • Fixed problem with processing some specific requests over reverse proxy.
  • Fixed problem with processing of PBR rules if user added or deleted in rule's condition.
  • Fixed problem with processing of content filtering, safe browsing, SSL and SSH inspection, mail security, and ICAP rules if user added or deleted in rule's condition.
  • Fixed problem with outgoing messages queue filling up memory when exporting logs to Syslog server via TCP protocol.
  • Fixed problem with no user identifications on cluster node after node rebooted.
  • Fixed problem with no updating routes with automatic destination interface when interface settings changed.
  • Fixed problem with no logs for triggered spoofing protection rules.
  • Fixed problem with no logging in case of no SSL inspection configured, but content filtering rule with content analysis exists.
  • Fixed problem with no information about number of packets of triggered DoS rule for zone in traffic log.
  • Fixed problem with no ability to assign backup gateway for group of balanced gateways.
  • Fixed problem with multiline responses for SMTP commands.
  • Fixed problem with memory leak in proxy module, which may happen in some specific cases.
  • Fixed problem with Mail security which cannot work on arbitrary SMTP port.
  • Fixed problem with logging of DoS protection rules triggers.
  • Fixed problem with license registration on new cluster node right after finishing registration of main node.
  • Fixed problem with incorrect search result if backslash is used in search string.
  • Fixed problem with incorrect processing of traffic from proxy agent by content filtering rules.
  • Fixed problem with incorrect OSPF routes cost in active-passive cluster with more than 2 nodes.
  • Fixed problem with incorrect logging of IDPS rules.
  • Fixed problem with incorrect folder list over sftp and ssh inspection configured.
  • Fixed problem with ignoring of VRF when processing traffic with destination ports 80 and 443.
  • Fixed problem with getting error when monitoring web portal users authorized with cookie.
  • Fixed problem with gateway lost after reboot, happening in some specific cases.
  • Fixed problem with failover gateway unavailable, which happens in some cases.
  • Fixed problem with expiration of key for temp users validation.
  • Fixed problem with excessive memory use while using overridden domains.
  • Fixed problem with DNS when internal cache is not used for records with large number of addresses.
  • Fixed problem with displaying of terminal services users in traffic log.
  • Fixed problem with DHCP relay on VLAN interfaces stopped working after UG OS version upgrade.
  • Fixed problem with creating configuration cluster using bond interface.
  • Fixed problem with corrupted configuration file while it was exported to ftp location.
  • Fixed problem with connecting to 3rd party vendor's VPN over NAT.
  • Fixed problem with configuring PBR rule, if it uses different node's gateway.
  • Fixed problem with closing of AP Continent VPN, if no traffic transmitted from client during timeout.
  • Fixed problem with client connection to Site-to-Site VPN when user changed for this connection.
  • Fixed problem with caching of DNS responses for requests for SOA and CNAME record types.
  • Fixed problem with block page which shows "garbage" information for sites with more than 64 HTTP headers.
  • Fixed problem with applying of zone services committed from UGMC.
  • Fixed problem with applying of services from UGMC to NGFW which contains Cyrillic symbols in names.
  • Fixed problem with applying gateways with same IPs if they were created by UGMC.
  • Fixed problem with all parameters link-info lost after reboot except last added.
  • Fixed problem with AdBlock database update on cluster configuration nodes.
  • Fixed problem when DHCP lease can't be removed if its subnet removed or changed.
  • Fixed problem of using of virtual IP of high availability cluster for load balancing.
  • Fixed problem of high load on NGFW during traffic processing by mirror type interface.
  • Fixed problem causing the web interface inaccessibility.
  • Fixed OSPF costs update error when HA cluster master changed multiple times.
  • Fixed order of physical interfaces in ifTable.
  • Fixed memory leak in some VPN configurations.
  • Fixed incorrect value transmitted for sysUpTime in SNMP.
  • Fixed incorrect processing of mails, which have dot and carriage return in their body.
  • Fixed IDPS module incorrect update error.
  • Fixed error with URL lists sync between NGFW cluster nodes when firewall rules created in MC.
  • Fixed error with applying PBR rules to users specified in the rules after they are re-authorized.
  • Fixed error of synchronization between MC and NGFW configuration cluster in case one of the nodes is unavailable.
  • Fixed error occurred when incorrect temporary guest account expiration date in captive profile properties specified.
  • Fixed compatibility with 3rd party VPN solutions if NAT-traversal is used.
  • Fixed bug with path rewriting when HTTPS used for resources publication via reverse proxy rules.
  • Fixed bug with fastpath module self-enabling after it was disabled.
  • Fixed bug of memory full utilization caused by working with ICAP server.
  • Fixed an error in identifying groups of users been in several domains.
  • Fixed access check error on web portal.
  • Fixed a problem with optimizing the storage of user account information.
  • Fixed problem with establishing of TLS session with some high load web sites in transparent proxy mode.
  • Fixed problem with transferring data by Telegram messenger for some Telegram's services.

UserGate 6.1.8 Release (build 6.1.8.11532R, 22/08/2022)

Сhanges in new version:

  • Added ability to change data fastpath mode for firewall via CLI.
  • Auth agent for terminal server has been updated.
  • Improved CPU load by LogAn when processing LDAP users' names.
  • Improved displaying of Dashboard's widgets with large number if network interfaces.
  • Improved firewall performance if no content filtering and SSL inspection rules applied.
  • Improved firewall stability in Hyper-V.
  • Improved general firewall stability.
  • Improved memory management for L7 and IDPS modules.
  • Improved view of large number of NICs in Dashboard.
  • Fixed problem with certificate chain added to Captive portal certificate was not provided at Captive portal page.
  • Fixed firewall behavior if no correct DNS server configured.
  • Fixed intermittent memory leak in proxy module.
  • Fixed MIME type for pcap files, which are downloaded from NGFW.
  • Fixed problem with blocking of outgoing syslog traffic by IDPS.
  • Fixed problem with changing network interface type and address in CLI.
  • Fixed problem with changing source zone in existing port forwarding rule.
  • Fixed problem with changing zone's access control for web portal was NAT applied.
  • Fixed problem with connecting users to VPN, if VPN server rule contains local groups with local or domain users.
  • Fixed problem with inability to create 2 load balancers with the same port, but different transport protocols.
  • Fixed problem with incorrect ICAP server status check, which may happen in some cases.
  • Fixed problem with logging of domain user authentication information if user logged in s domain\user.
  • Fixed problem with logging user which was identified by radius accounting.
  • Fixed problem with no information of successful user auth in log export.
  • Fixed problem with no logged event for reverse proxy rules.
  • fixed problem with no logging of web safety rules.
  • Fixed problem with no pcap files for triggered IDPS events, if several events happened.
  • Fixed problem with PBR processing in cluster configuration.
  • Fixed problem with processing Captive portal auth timers.
  • Fixed problem with proxy port assigned from UGMC is not applied at NGFW.
  • Fixed problem with restoring VPN settings from exported configuration.
  • Fixed problem with simultaneous authentication user from terminal server and Captive portal.
  • Fixed problem with VPN connection if authenticating over Radius server.
  • Fixed problem with web portal which may work incorrectly in Active-Active cluster.
  • Fixed various auth errors in Terminal services auth agent.

UserGate 6.1.7 Release (build 6.1.7.11418R, 08/06/2022)

Сhanges in new version:

  • Added ability to record traffic for triggered IDPS events.
  • Added ability to create VPN tunnels with third party vendors using GRE over IPSec and IPsec over GRE.
  • Added ability to chose main/aggressive mode for IKE SA negotiation for VPN IKEv1.
  • Added ability to select different hash and encryption algorithms for 1 и 2 phases of IKEv1 VPN.
  • Added ability to select Diffie–Hellman groups for VPN IKEv1.
  • Added ability to use GeoIP addresses as source addresses for VPN server rules.
  • Added ability to search local user by MAC address assigned to him.
  • Added ability to sort IP list by name in rules.
  • Added increased cost (double) for OSPF distributable default route for standby node in AP cluster.
  • Added Restful API for UserGate management.
  • Increased the number of network interfaces to 10 for OVF image.
  • Improve GeoIP quality.
  • Improved CLI over SSH security.
  • Improved Dashboard graph of current NGFW users.
  • Improved displaying of long URLs in reports.
  • Improved IDPS performance in iperf performance testing.
  • Improved L7 information (application and application protocol) presentation in traffic log.
  • Improved large number of lists in libraries.
  • Improved log rotation procedure.
  • Improved NGFW stability when old and low performance NICs are configured in hypervisor for virtual appliance.
  • Improved overall stability of NGFW.
  • Improved procedure of removing elements from rules, if search was used for finding these elements.
  • Improved process of downloading large sized logs.
  • Improved processing of fragmented OPC UA commands.
  • Improved processing of packets requiring fragmentation.
  • Improved security of UserGate software updates.
  • Improved server time display when switching between configuration pages.
  • Improved synchronization effectiveness of large objects between cluster configuration nodes.
  • Improved Terminal server authentication agent. Required to update terminal agent software.
  • Improved updates check and download procedure.
  • Improved users from terminal servers identification information between nodes of UserGate cluster.
  • Improved validation for OSPF interface priority.
  • Improved watchdog procedure.
  • Fixed a problem with the absence of static routes when connecting directly connected to the network in which the gateway for this route is located.
  • Fixed incorrect status displayed in traffic log for DoS protection rules triggered.
  • Fixed intermittent problem with VPN service hangs when switching VPN rule on/of.
  • Fixed memory leak when bond interfaces are in use.
  • Fixed minor problems of viewing web portal bookmarks.
  • Fixed NGFW crash when L3 bridge with bypass is configured.
  • Fixed problem when exported logs shows default node name but not name set by administrator.
  • Fixed problem when firewall rule is still active even it was disabled by administrator.
  • Fixed problem with incorrect processing of SSL inspection rules, if they applied to AD users.
  • Fixed problem with changing AP cluster state when editing cluster configuration on slave node.
  • Fixed problem with content filtering rules which do not consider destination zone condition in some cases.
  • Fixed problem with content filtering when filtering SNI value with URL lists.
  • Fixed problem with defining of bypass ports on second network cards.
  • Fixed problem with deleting URL list from UGMC in some cases.
  • Fixed problem with gateways lost in cluster after importing configuration.
  • Fixed problem with getting url category for domains listed in Overridden url categories.
  • Fixed problem with HA cluster's traffic blocked by spoofing protection rules, happening in specific cases.
  • Fixed problem with importing VLANs and bonds from saved configuration.
  • Fixed problem with inability to add route to the network which is directly connected to the UserGate.
  • Fixed problem with inability to establish some TCP sessions with remote host with fast port reuse configured.
  • Fixed problem with inability to reconnect to SSH server published via web portal, if user closed web page with established connection.
  • Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
  • Fixed problem with incorrect time formats for some schedule.
  • Fixed problem with incorrect time used for report generation if local time zone is used.
  • Fixed problem with incorrect user's group membership, if user and groups are in different AD domains with trust relationship.
  • Fixed problem with incorrect zone is logged to traffic log for DoS protection rules.
  • Fixed problem with logging of responded UDP packets when Log session start is selected.
  • Fixed problem with management of lists in rules, if number of lists exceeds 20.
  • Fixed problem with missing UTM-ENTERPRISE-MIB in downloaded MIB-file.
  • Fixed problem with no entry in web access log for HTTPS request without SNI.
  • Fixed problem with no information about network port state in SNMP.
  • Fixed problem with no IP and URL lists in exported configuration.
  • Fixed problem with no routes and information from BGP neighbor.
  • Fixed problem with packets loss between different types of NICs.
  • Fixed problem with recreating of bond and bridge interfaces when applying any network interface changes from UGMC.
  • Fixed problem with search by IP address in arrived from UGMC rules.
  • Fixed problem with shaper rules, which could be applied in a wrong order.
  • Fixed problem with SSL inspection in transparent proxy mode if URL and categories condition are used.
  • Fixed problem with terminal server auth agent when number of IP addresses changed. Required to update terminal server auth agent.
  • Fixed problem with traffic capturing.
  • Fixed processing of Captcha in web portal.
  • Fixed UserGate crash which may happen when firewall rule with L7 or IDPS rule block traffic with sending RST to both parties.

UserGate 6.1.6 Release (build 6.1.6.11213R, 23/03/2022)

Сhanges in new version:

  • Added ability of SSH inspection logging.
  • Added ability to create SSH inspection reports.
  • Added ability to identify user belonging to more than one domain when authenticating via terminal server agent.
  • Added ability to set more than 1 IP address for Radius server.
  • Added reverse proxy path rewrite functionality for the Domain parameter in the set-cookie HTTP header.
  • Added sorting for HA cluster objects.
  • Added state indicator for ICAP server.
  • Improve sorting of local users list.
  • Improved check procedure for complexity of Admin's password compliance.
  • Improved errors meaning for registration process.
  • Improved IDPS performance for STUN traffic.
  • Improved license check procedure.
  • Improved order of events of remote access VPN connections.
  • Improved processing of large number of unsuccessful LDAP requests.
  • Improved processing of SSH inspection rules.
  • Improved stability with lists importing operations, which contain invalid data.
  • Improved Terminal server authentication agent. Required to update terminal agent software.
  • Improved UserGate NGFW stability.
  • Removed "Log all packets" option for Policy based rules.
  • Removed ability to negate condition for L7 application in firewall rules.
  • Removed ability to use domain built-in groups in filtering policies.
  • Servers for remote assistance have moved to Russian Federation.
  • Fixed error which happens during searching for a user which TOTP key should be reset.
  • Fixed incorrect GeoIP addresses for EU zone.
  • Fixed incorrect RBAC assigned from UGMC to UserGate devices.
  • Fixed logging of fetch_cert is failed event for SSL inspection.
  • Fixed notation for ICAP servers URI.
  • Fixed problem with allow rule in content filtering with destination Zone/IP set.
  • Fixed problem with determining of destination zone for Captive portal rules.
  • Fixed problem with filtering by URLs for list containing Cyrillic domains.
  • Fixed problem with filtering by useragent when useragent does not contain any value (empty).
  • Fixed problem with gateway via specific interface remains active after this interface is added to a bond interface.
  • Fixed problem with GRE tunnel disappeared from assigned VRF after reboot.
  • Fixed problem with inability to install offline security update.
  • Fixed problem with incorrect interfaces status, which were part of the bond interface, after bond deleted.
  • Fixed problem with incorrect NAT processing for more than one client if traffic has fixed source ports. 
  • Fixed problem with incorrect number of IP address which consume licensed number of users.
  • Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
  • Fixed problem with incorrect showing network interface belonging to custom  VRF in default VRF.
  • Fixed problem with logging of default rule 'Default allow' with disabled logging.
  • Fixed problem with lost of static users identification when membership in local group changed for some users.
  • Fixed problem with memory leak which may happen sometimes during processing TLS traffic.
  • Fixed problem with validation of reserved hosts in DHCP.
  • Fixed processing of Captcha in web portal.

UserGate 6.1.5 Release (build 6.1.5.11134R, 11/02/2022)

Сhanges in new version:

  • Added ability to enable X-Forwarded-For header.
  • Added ability to get the IP addresses list of hosts consuming license.
  • Added ability to search by signature name in IDPS rules.
  • Added ability to set custom SNMP engine ID.
  • Added ability to use 'Not in' operator in search rules.
  • Added context help for advanced search in web console.
  • Added information about blocking reason of https service for Reverse proxy.
  • Added more parameters checks while creating VRF.
  • Added QoS pre-classify option for VPN tunnels.
  • Added reverse proxy path rewrite functionality for the Domain parameter in the set-cookie HTTP header.
  • Added support for diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, ssh-rsa protocols to cli over ssh.
  • Added support for diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, ssh-rsa protocols to SSH inspection.
  • Added support for RAID controller LSI 9361-16i.
  • Additional checks added for DHCP options.
  • Admin console tab renamed to Settings tab.
  • Improved administrator's login page view for different browser window size.
  • Improved CA certificate name which is used by UserGate node for SSL inspection.
  • Improved check and download procedure of updatable lists. Added additional logging for this events.
  • Improved firewall performance for type of network card virtio in KVM-libvirt.
  • Improved IDPS performance for traffic of specific protocols and applications.
  • Improved IDPS performance on high speed traffic.
  • Improved management of local users created from UGMC.
  • Improved performance of content filtering processing with virus or morphology check in some cases.
  • Improved performance of stream virus check.
  • Improved SSL inspection in transparent mode for web sites with legacy TLS protocol versions.
  • Improved SSL rules processing when client does not send SNI.
  • Improved updating, deleting and creation of local users with static IP addresses on UserGate, created from UGMC.
  • Improved UserGate stability when inspecting GRE tunnels.
  • Improved UserGate stability.
  • Increased performance of IDPS.
  • Removed excessive logging which may cause performance degradation.
  • Fixed an issue when DNATed HTTP(s) traffic could be blocked by default Block everything policy.
  • Fixed crash which may happen in some cases when add/delete content filtering rule.
  • Fixed excessive TCP fragmentation to client connection with transparent proxy and content filtering or SSL inspection enabled.
  • Fixed issue that could result in gateway absence after settings import.
  • Fixed load balancer with more than one balancing rules configured.
  • Fixed problem when DHCP relay may not work correctly if DHCP pool has some specific settings.
  • Fixed problem when protocol TCP was always saved in port forwarding rules , no matter which protocol was originally set.
  • Fixed problem with 3 seconds delay in opening some websites in transparent proxy mode.
  • Fixed problem with access to a several web-sites, for example, http://web.tpu.ru.
  • Fixed problem with adding of Active directory group Builtin Users to the rules.
  • Fixed problem with applying shaping policies for group of users from LDAP.
  • Fixed problem with applying to UserGate updated in UGMC URL list.
  • Fixed problem with assigning incorrect administrator profile, if administrator has different profiles assigned to him and to his groups.
  • Fixed problem with blocking of transit multicast traffic.
  • Fixed problem with bypass bridge on cluster created from different types of appliances.
  • Fixed problem with certificate is not updated when changes made in service domains auth, logout, block.
  • Fixed problem with changing of auth method after auth profile was created in UGMC.
  • Fixed problem with connecting from Secure CRT to CLI SSH.
  • Fixed problem with content filtering for HTTPS sites which have SNI different from certificate's subject name.
  • Fixed problem with content filtering rules processing for rules with time restrictions.
  • Fixed problem with creating full backup and error Cannot mount /dev/dm-3.
  • Fixed problem with creating of copy of report rule.
  • Fixed problem with delay in opening web sites from terminal servers with installed terminal server auth agent. Update of auth agent for terminal servers is recommended.
  • Fixed problem with disappearing of directly connected routes on HA cluster node which changed from Master to Slave.
  • Fixed problem with DNS SRTT may get negative value.
  • Fixed problem with filtering by URL lists containing regexp elements ^, $, *.
  • Fixed problem with inability to add url started with // to URL list.
  • Fixed problem with inability to block traffic of Anydesk app by content filtering.
  • Fixed problem with inability to create VRF with name, which is already in use on another cluster node.
  • Fixed problem with inability to set password for terminal services agents via UGMC.
  • Fixed problem with incorrect AD group membership for a user, who logged in from different devices when membership was changed in AD.
  • Fixed problem with incorrect consuming of licenses when ip spoofing protection is enabled.
  • Fixed problem with incorrect MAC address assignment on bond interface after system reboot.
  • Fixed problem with incorrect processing of content filtering rules in explicit proxy mode with defined destination zone and disabled SSL inspection.
  • Fixed problem with incorrect processing of policy for a particular user, if he logged out from one of computer and continue to work on another computers.
  • Fixed problem with incorrect processing of requests for reverse proxy, if web portal listens on the same port.
  • Fixed problem with incorrect processing of users groups happened in some cases in cluster.
  • Fixed problem with incorrect search result when searching for IP addresses in some cases.
  • Fixed problem with incorrect sequence of prefix lists and routemaps in BGP.
  • Fixed problem with incorrect terminating of terminal servers users.
  • Fixed problem with incorrect tracing rule processing in some cases.
  • Fixed problem with incorrect URLF category in notification for adding request for white list for a web site.
  • Fixed problem with incorrect work of scenarios with application L7 as condition.
  • Fixed problem with local user identification, if it was created in UGMC with static IP address.
  • Fixed problem with local users identification, if they identified by static IP, when they are added to a group.
  • Fixed problem with logging in to CLI SSH with password containing special symbols.
  • Fixed problem with logging of default rule 'Default allow' with disabled logging.
  • Fixed problem with memory leak when using HTTP PUT method with web console.
  • Fixed problem with memory leak which happens when opening block pages with HTTP POST method.
  • Fixed problem with no blocking reason in web access log.
  • Fixed problem with no record in web access log for blocked by AdBlock connections, when no SSL inspection enabled.
  • Fixed problem with placing NAT rule to a specific position in the rules list when creating a rule.
  • Fixed problem with processing of content filtering rules with time restriction.
  • Fixed problem with restoring UserGate settings from backup if it was connected to UGMC.
  • Fixed problem with RIP v2 does not work if password set for authentication.
  • Fixed problem with SCADA rules, which require to have firewall rules allowing traffic from UserGate.
  • Fixed problem with several gateways can be assigned as default gateways.
  • Fixed problem with some packets lost when traversing over route leaking over other's VRF.
  • Fixed problem with spam mail filtering happening in some cases.
  • Fixed problem with sporadic connectivity issues for some websites (Sberbank business).
  • Fixed problem with SSL inspection if site's certificate contains Cyrillic letters.
  • Fixed problem with traffic filtration if no L7 database exists.
  • Fixed problem with update checking for custom updatable lists if connectivity lost between NGFW and UGMC.
  • Fixed problem with updating of custom lists on UserGate, when rules with these lists are updated on UGMC.
  • Fixed problem with user authentication by TACACS+ servers.
  • Fixed problem with UserGate crash happened in some cases.
  • Fixed problem with VoIP telephony which doesn't work over UserGate.
  • Fixed UserGate server crash when deleting bridge interface which is in use by SSL inspection.

UserGate 6.1.4 Release (build 6.1.4.11011R, 17/11/2021)

Сhanges in new version:

  • Added syslog rotation by log size.
  • Added BGP allowas-in functionality.
  • Added ability to use symbols * and ^ in mail addresses in mail addresses library.
  • Added ability to show SNAT addresses in NAT and routing rules grid.
  • Added ability to have simultaneous connections to SSH CLI.
  • Added ability to disable collection of additional debugging information from CLI.
  • Improved view of errors of sync cluster's nodes with UGMC.
  • Improved UserGate stability.
  • Improved statistics database update procedure during software update.
  • Improved stability of proxy agent UserGate.
  • Improved stability of IDPS module.
  • Improved stability of authentication agent for terminal services.
  • Improved SSL rules processing when client does not send SNI.
  • Improved search speed of big lists of IP addresses and URLs.
  • Improved search for content of morphology databases.
  • Improved search for content of fields in content filtering rules.
  • Improved remote administrator service, in case port 22 is blocked with reject packet sent.
  • Improved processing of DNS requests if some of DNS servers are not responding.
  • Improved performance of simultaneous authentication of large number of users.
  • Improved performance by made DNS SRTT metric is non clusterable.
  • Improved overall stability of UserGate.
  • Improved new IDPS and L7 lists update procedure to eliminate corrupted signatures from being loaded.
  • Improved logging levels for NAT, DNAT and Port forwarding rules.
  • Improved L7 application processing.
  • Improved import of network settings to all cluster's nodes.
  • Improved IDPS performance.
  • Improved IDPS performance on high speed traffic.
  • Improved HA cluster configuration view.
  • Improved export configuration - added overridden domains to export.
  • Improved DNS over TCP requests processing.
  • Improved displaying of time in logs, removed fractions of second.
  • Improved CPU cores load. Added support for up to 256 cores.
  • Improved check for overlapping when assigning virtual IP address in a VRF.
  • Improved check for correctness of cluster node name. Added ability to use '-' symbol in node name.
  • Improved Captive portal rules view if there are more than 20 rules.
  • Improved API functions checks for correctness of calls.
  • Improved and optimized logging of IDPS events. Removed excessive events logging to traffic log.
  • Improved algorithm of applying changes to configuration of ospf, bgp, rim and pim routers.
  • Improve performance of determining of output zone.
  • Fixed vulnerability BDU:W-2021-00199, no header Content-Security-Policy.
  • Fixed vulnerability BDU:W-2021-00200, no header Strict-Transport-Security (HSTS).
  • Fixed vulnerability BDU:W-2021-00191, allowing XSS attack on search string in Logs and reports page.
  • Fixed vulnerability BDU:W-2021-00192, allowing SQL injection attack on search string in Logs and reports page.
  • Fixed vulnerability BDU:W-2021-00189, allowing to create a local user with not complex password.
  • Fixed vulnerability BDU:W-2021-00202, no header X-XSS-Protection.
  • Fixed some minor dialog problems after override domain's category.
  • Fixed SMTP service crash when receiving emails from gmail.com.
  • Fixed search for IP address in port forwarding rules.
  • Fixed search by source address in NAT and routing rules.
  • Fixed rules processing for rules with negate for url list.
  • Fixed rules filtering problem based on enable/disabled rule option in NAT and routing.
  • Fixed problem with web-console hangs when editing of local user with high number of local users.
  • Fixed problem with VLAN tag removal in case of redirecting traffic from one VLAN to another, or from VLAN to an access port.
  • Fixed problem with VLAN interfaces created on Bond interface are down after server restarted.
  • Fixed problem with using of deprecated UDP port 8472 for VXLAN communications instead of 4789.
  • Fixed problem with using default gateway for Default VRF if no default gateway configured in custom VRF.
  • Fixed problem with UserGate hangs in some cases if Intel networks cards are in use.
  • Fixed problem with URL lists containing domains in Cyrillic.
  • Fixed problem with URL category check if URL contains leading or trailing spaces.
  • Fixed problem with updating large number of VLAN interfaces in one click.
  • Fixed problem with unable to connect error in web console if searching LDAP group and LDAP server's host cannot be resolved.
  • Fixed problem with triggering scenario for IDPS event for LDAP group.
  • Fixed problem with TCP window size which can lead to high memory use in some cases.
  • Fixed problem with switching of BGP router in Active-Passive cluster when master role is transferred to reserved node.
  • Fixed problem with some settings lost when changing OSPF router.
  • Fixed problem with slow downloading speed if SSL inspection is enabled.
  • Fixed problem with showing user as Unknown in traffic log, while it was authenticated by auth agent for Windows.
  • Fixed problem with showing of gateways by gateway list CLI command.
  • Fixed problem with routes and gateways which were created in CLI are not shown in web console in some cases.
  • Fixed problem with restoring UGMC from backup.
  • Fixed problem with page modification mark is not displayed in some cases in UGMC templates.
  • Fixed problem with notification about incorrect checksum for file settings.pyc.
  • Fixed problem with no rule name is displayed in IDPS logs.
  • Fixed problem with no logging of DoS protection rules on zones.
  • Fixed problem with no logging configuration is in exported config.
  • Fixed problem with no information about number of packets of triggered DoS rule for zone in traffic log.
  • Fixed problem with no information about mime type in log when blocking by mime-type.
  • Fixed problem with no displaying of BGP neighbor status in custom VRF.
  • Fixed problem with no content filtering for L2 or L3 bridge interfaces.
  • Fixed problem with moving of pre and post rules from local UserGate console.
  • Fixed problem with locking of administrators account in case of exceeding number of false authentication attempts.
  • Fixed problem with LDAP administrator logging in to web console happened in some cases.
  • Fixed problem with large attachment over POP3 protocol blocked by mail security rules.
  • Fixed problem with IP assignment to the interface after restoring configuration, if it had different mode in saved configuration.
  • Fixed problem with incorrect weight is assigned to a morphology phrase if phrase assigned from UGMC.
  • Fixed problem with incorrect uptime provided by SNMP.
  • Fixed problem with incorrect sequence of prefix lists and routemaps in BGP.
  • Fixed problem with incorrect rules processing for local users, happening in some cases.
  • Fixed problem with incorrect processing of policies with LDAP groups in cluster.
  • Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
  • Fixed problem with incorrect displaying of cluster IP address on slave node.
  • Fixed problem with inability to send IDPS log records to external syslog server.
  • Fixed problem with inability to save value in Keep-alive time field of Mulitcast router.
  • Fixed problem with inability to log in as Admin@emergency to CLI over SSH.
  • Fixed problem with inability to export configuration by read only administrator.
  • Fixed problem with inability to disable network interface from interface configuration dialog, if IP address was obtained by DHCP and there is another interface with address in the same range.
  • Fixed problem with inability to delete VRF, which was created on the cluster node which was deleted.
  • Fixed problem with inability to delete VLAN if it is created on disabled physical interface.
  • Fixed problem with inability to create LDAP connector if use digits in LDAP domain name field.
  • Fixed problem with inability to apply metric to non-unicast routes.
  • Fixed problem with inability to add DHCP relay on disabled interface.
  • Fixed problem with IDPS module crashes during disabling it or updating signatures, happening in some cases.
  • Fixed problem with HTTP/S connection freezes in some cases in transparent proxy mode.
  • Fixed problem with high vCPU utilization caused by changes of updatable lists.
  • Fixed problem with high vCPU usage during authentication of large number of users in cluster active-passive.
  • Fixed problem with high CPU usage during DDoS attacks and enabled DoS protection.
  • Fixed problem with high CPU load in case of several administrators connected to CLI over SSH.
  • Fixed problem with gateway status does not update if unplug and then plug cable in.
  • Fixed problem with gateway disappearing, if it was created before first initialization of system.
  • Fixed problem with factory reset function after applying UGMC update.
  • Fixed problem with erasing routes and gateways created from CLI after first initialization of UserGate.
  • Fixed problem with downloading of files via ftp over http.
  • Fixed problem with displaying of carriage return symbol in CLI over SSH for Windows computers.
  • Fixed problem with code injection in Safe browsing rules.
  • Fixed problem with cluster node registration error if Cyrillic symbols were used in registration form.
  • Fixed problem with cluster configuration not imported from exported configuration.
  • Fixed problem with changing OSPF encrypted authentication key.
  • Added check for source zone presence in reverse proxy rules to avoid potential conflict with Captive portal rules.
  • Fixed problem with Captive authentication with defined destination IPs.
  • Fixed problem with applying negate action for services in firewall, IDPS and traffic shaping rules.
  • Fixed problem with applying empty lists assigned from UGMC.
  • Fixed problem with application identification for some applications.
  • Fixed problem with append community option is not saved for routemap in BGP.
  • Fixed problem with announcement of BGP routes happening in some cases.
  • Fixed problem with adding rule and placing it on top of the rules for Nat and routing, IDPS, Reverse proxy and VPN rules.
  • Fixed problem with adding bridge and bond types of interfaces to a static route.
  • Fixed problem with accessing console by LDAP administrator created in UGMC.
  • Fixed problem with ability to delete certificate which is in use by web portal.
  • Fixed problem when users are not counted if explicit proxy is used on non-default port.
  • Fixed problem when exported configuration does not contain DNS information.
  • Fixed problem when changing user's group does not effect in UserGate if auth agent for Windows is used for authentication.
  • Fixed problem of identification of local users with assigned IP addresses if Captive portal is configured.
  • Fixed problem of file upload over HTTP-proxy connection.
  • Fixed problem of enabling all VLANs on the interface in case of disabling and then enabling of physical interface.
  • Fixed problem of blocking valid traffic due to incorrect setting of the source zone for some of the packets passing through the custom VRF.
  • Fixed problem of automatic changing port's mode to Manual after link outage.
  • Fixed mail security problem if set SMTP/S service without destination port specified.
  • Fixed incorrect work of content filtering rules with Warn action.
  • Fixed incorrect coding of messages in the event log for lists with Cyrillic letters.
  • Fixed error which may happen when deleting of secondary NTP server.
  • Fixed error when read only administrator checks LDAP connector connectivity.
  • Fixed error of displaying of log with catlog command when connected to CLI as Admin@emergency.
  • Fixed error message for license activation without connectivity to the license server.
  • Fixed error if administrator is trying to delete several firewall rules together with default block rule.
  • Fixed error happening when creating morphology list.
  • Fixed content filtering if destination addresses contains URL list with destination domains.
  • Fixed connection error while trying to connect to Log Analyzer server from UserGate over UGMC console.
  • Fixed check if zone is used in rules when deleting zone.

UserGate 6.1.3 Release (build 6.1.3.10787R, 19/08/2021)

Сhanges in version 6.1.3:

  • Added validation for AS number field in BGP virtual router.
  • Added ability to add domain users to local groups.
  • Added ability to add IP range to IP lists.
  • Added ability to change pre rules to post and vice versa.
  • Added ability to enable/disable VPN rule, which came from MC.
  • Added ability to extend data partitions to several disks.
  • Added ability to keep original values for windows scaling, sack, mss and timestamp options for connections over proxy.
  • Added ability to show number of users connected over UserGate in case of unlimited license.
  • Added ability to show templates included to group of templates in managed devices view.
  • Added ability to use more than 15 countries in geoip restriction in rules.
  • Added description for detected applications on traffic log page.
  • Added error message when connecting to Cisco VPN in Site-to-Site case and preshared key is not matched.
  • Added new widget for total unique user count for a period of time.
  • Added sorting to users list.
  • Added support for DES crypto algorithm to VPN.
  • Added traffic monitoring page in diagnosis section to show users connections in real time with in and out speed.
  • Added validation for entered values in Key field of network adapter settings in OSPF configuration.
  • Added warning if set proxy server to use standard ports (80, 443).
  • Added warning page for Force changes button in Firewall policy settings.
  • Improved and optimized processing of content filtering rules.
  • Improved and speed up content filtering processing of users requests.
  • Improved check for interface is not used in any of routing protocols in virtual routers while deleting the interface from virtual router.
  • Improved displaying of found users, added first and last name along with username.
  • Improved DNS service stability on UDP.
  • Improved error message for situations where no connectivity between cluster's nodes.
  • Improved IDPS stability.
  • Improved L7 application processing.
  • Improved modules loading procedure during boot process.
  • Improved naming for UGOS updates for LogAn, NGFW and MC.
  • Improved process of changing rule type from SNAT to PBR.
  • Improved proxy server stability in some modes.
  • Improved replication stability of libraries lists between cluster's nodes.
  • Improved search for content of fields in content filtering rules.
  • Improved server's boot speed if server has at least one interface configured with DHCP address and DHCP sends hostname.
  • Improved some fields on registration form.
  • Improved stability of load balancing if proxy is enabled.
  • Improved users state synchronization between cluster nodes.
  • Improved validation of path rewrite fields in Reverse proxy rules.
  • Improved view of large numbers of elements.
  • Improved VPN stability.
  • Improved VRF update procedure.
  • Improved work with NICs which were removed physically, but still remain in the system.
  • Increased time allocated for UserGate to apply firewall rules.
  • Removed validation of AD availability when creating AD connector in MC.
  • Fixed bond interface work in specific modes.
  • Fixed DNS errors for some specific DNS requests.
  • Fixed DNS resolution when default gateways exist in default VRF and client's VRF, and explicit proxy configured.
  • Fixed error happened when moving rule to another position in the list.
  • Fixed error when calling traceroute command on VPN interface in Diagnostics and monitoring.
  • Fixed error when creating load balancing rule and left field port empty on Fallback settings.
  • Fixed errors when creating a custom report in LogAn.
  • Fixed errors when generating some reports.
  • Fixed incorrect displaying of AD users with Cyrillic letters in web access log.
  • Fixed incorrect pairs of interfaces for bypass bridge.
  • Fixed memory leak in network system under high load.
  • Fixed memory leak which happened in some cases.
  • Fixed permissions list available for managing from administrators profile.
  • Fixed problem incorrect rule placement when creating.
  • Fixed problem when content filtering by URL does not work in some cases.
  • Fixed problem when UserGate does not accept authentication information from browser and shows Captive portal window.
  • Fixed problem when web-console can occupy TCP port which is used for statistics service.
  • Fixed problem with ability to get to the web console at addresses login.captive and logout.captive.
  • Fixed problem with ability to import arbitrary words to IP lists.
  • Fixed problem with adding or deleting of interface to RIP router.
  • Fixed problem with applying firewall rules with negate option enabled in source/dest zones condition.
  • Fixed problem with authentication Kerberos users after server restart.
  • Fixed problem with CLI command catlog.
  • Fixed problem with content filtering rules applied to DNS filtering only.
  • Fixed problem with content filtering rules with time restriction, which are not triggered on time zone set in general settings.
  • Fixed problem with creating IDPS profile.
  • Fixed problem with creating more than 16 zones.
  • Fixed problem with creation of mail security widget.
  • Fixed problem with cyclic block page reload happened in some cases.
  • Fixed problem with deleting bond interface from CLI.
  • Fixed problem with DHCP-relay configuration is not saved.
  • Fixed problem with disconnection from some sites, if client is in VRF.
  • Fixed problem with DNS proxy and clients connected from VRF.
  • Fixed problem with DNS rules do not work.
  • Fixed problem with downloading files from ftp servers via ftp over http in browser.
  • Fixed problem with downloading of all routes in Diagnostics and monitoring.
  • Fixed problem with empty backup files created after update to 6.1.2.
  • Fixed problem with erasing routes and gateways created from CLI after first initialization of UserGate.
  • Fixed problem with error while stopping running ping command in diagnostics and monitoring.
  • Fixed problem with errors while adding http cache exclusions.
  • Fixed problem with excessive resources use by displaying of blocking page.
  • Fixed problem with exhausting number of licensed users by connections to not existing services on UserGate and DNAT and port map publications.
  • Fixed problem with exporting certificate with chain.
  • Fixed problem with filtering and sorting in applications.
  • Fixed problem with filtering by MIME type.
  • Fixed problem with filtering by referrer.
  • Fixed problem with filtering by SNI, if SNI is in capital letters.
  • Fixed problem with gateway received from DHCP takes over manually assigned default gateway after reboot.
  • Fixed problem with importing morphology lists.
  • Fixed problem with inability to move NAT rules.
  • Fixed problem with inability to change language on login page.
  • Fixed problem with inability to check connectivity to AD controller, if AD connector object delivered from MC.
  • Fixed problem with inability to disable logging in NAT and routing rules.
  • Fixed problem with inability to run OSPF on VPN interfaces.
  • Fixed problem with inability to save SSL profile in some cases.
  • Fixed problem with inability to select applications by application categories in firewall rules.
  • Fixed problem with incorrect administrators permissions shown in web console after applying UGOS update in some cases.
  • Fixed problem with incorrect closing of users' sessions which led to strange connectivity problems.
  • Fixed problem with incorrect displaying of number of static routes defined in virtual router.
  • Fixed problem with incorrect DNS resolution for child domains in DNS rules.
  • Fixed problem with incorrect export of custom morphology lists.
  • Fixed problem with incorrect L2TP tunnel re-creation if it existed before and was broken.
  • Fixed problem with incorrect OSPF zone deletion.
  • Fixed problem with incorrect processing of content filtering rules with option negate enabled for users condition.
  • Fixed problem with incorrect processing of rules for a local group of users who self registered via Captive portal.
  • Fixed problem with incorrect work of rules with time restriction.
  • Fixed problem with installed update is listed as available again during cluster configuration update.
  • Fixed problem with IP list is not applied on the second cluster node.
  • Fixed problem with Kerberos authentication in transparent mode.
  • Fixed problem with no filtering by URL if SSL inspection is on and capital letters are used for address in browser.
  • Fixed problem with no logging for SSL inspection rules.
  • Fixed problem with no soring in IDPS profiles.
  • Fixed problem with no SSH inspection rules are in exported config.
  • Fixed problem with no username and user's IP address on blocking page if block page is shown on another device in a cluster.
  • Fixed problem with non-blocking HTTP/S based applications by firewall rules in transparent proxy mode.
  • Fixed problem with not showing URL category on the block page for which it was blocked.
  • Fixed problem with opening web sites by IP address via explicit proxy.
  • Fixed problem with PMTU is not delivered to client if client has explicit proxy configured in browser.
  • Fixed problem with proxy server doesn't work on custom port.
  • Fixed problem with removing one existing DHCP option while adding another one.
  • Fixed problem with routes and gateways which were created in CLI are not shown in web console in some cases.
  • Fixed problem with rules with domain groups are not applied to users.
  • Fixed problem with scenarios which configured for a domain group.
  • Fixed problem with searching in IPS profiles.
  • Fixed problem with sending notifications for configurations changes.
  • Fixed problem with shaping of HTTP/HTTPS traffic.
  • Fixed problem with showing Warning page for content filtering rules with action warning, which happened if blocking content is embedded into another page.
  • Fixed problem with Site-to-Site VPN disconnection if no traffic are passed over tunnel.
  • Fixed problem with slow downloading speed if SSL inspection is enabled.
  • Fixed problem with SSL handshake error with no NAT in transparent proxy.
  • Fixed problem with SSL inspection in transparent mode if rule contains condition for domain or category.
  • Fixed problem with SSL inspection in user's VRF.
  • Fixed problem with traffic capturing.
  • Fixed problem with UDP packet loss on high load.
  • Fixed problem with unlocking of previously locked administrators.
  • Fixed problem with uploading logs to ftp servers.
  • Fixed problem with URL lists containing domains in Cyrillic.
  • Fixed problem with UserGate crashes with bridge interfaces in some cases.
  • Fixed problem with users authenticated by Windows agent lose connectivity in cluster, if one cluster node became unavailable.
  • Fixed problem with using of predefined applications group ALL in firewall rules.
  • Fixed several issues with configuring VRF.

UserGate 6 Release (build 6.1.2.10523R, 19/05/2021)

Сhanges in version 6:

  • Added ability create reports for up to 100000 users.
  • Added ability to use underscore symbol in VPN preshared key.
  • Improved applying of big IDPS signatures list.
  • Improved cluster stability with processing of big lists.
  • Improved connectivity checker work with NAT configured.
  • Improved L7 module stability.
  • Improved some displays during device boot.
  • Improved SSL inspection processing algorithm.
  • Improved UserGate stability.
  • Fixed Bad request error when connecting to Captive portal in cluster configuration.
  • Fixed basic authentication for https traffic.
  • Fixed concurrent write to users table problem.
  • Fixed error in SSH inspection rules allowed to set incorrect service in the rule.
  • Fixed error which allowed to remove template from UGMC which was in us on UserGate device.
  • Fixed errors which can cause conntrack table overflow.
  • Fixed high memory usage when sending big files over UserGate.
  • Fixed memory leak.
  • Fixed PEER field absence in PPPoE connection.
  • Fixed problem allowing to delete phone list which is in use in rules.
  • Fixed problem of default gateway over PPPoE connection.
  • Fixed problem of disconnecting Site-to-Site VPN if no traffic transmitted.
  • Fixed problem of gateways disappeared after device rebooted.
  • Fixed problem when content filtering rule was not updated if morphology dictionary updated.
  • Fixed problem when newly created firewall rule does not set to specified position in the rules list.
  • Fixed problem with exporting URL lists containing unicode symbols.
  • Fixed problem with incorrect route adding via CLI.
  • Fixed problem with Negate action in SSH inspection rules.
  • Fixed SSL inspection rule, if it is created with specific service set.

UserGate 6 Release (build 6.1.1.10462R 26/04/2021)

Сhanges in version 6:

  • Added ability to show RIP routes in web-console.
  • Added ability to show traffic load by users.
  • Fixed error Object not found when deleting IP address from the IP list.
  • Fixed problem when object was deleted in UGMC, but it was in use in local rules.
  • Fixed problem with adding a gateway with interface set to auto.
  • Fixed problem with adding custom morphology list.
  • Fixed problem with connectivity checker after new gateway added.
  • Fixed problem with content filtering rules which do not work for explicit proxy clients and destination zone set.
  • Fixed problem with exporting logs by cron timer.
  • Fixed problem with loop block page redirect for explicit proxy users and external block page.
  • Fixed problem with loosing packets of VIPNet VPN traffic.
  • Fixed problem with making report Configuration changes summary by components.
  • Fixed problem with NAT rules which stops working sometimes.
  • Fixed problem with no emails sent over UserGate if Mail security is enabled.
  • Fixed problem with non working default gateway for PPPoE connection.
  • Fixed problem with proxying of DNAT traffic.
  • Fixed problem with sending data to all ICAP servers in ICAP load balancer.
  • Fixed saw-graph of current users in the Dashboard.
  • Improved default mail security rule - added services SMTPS and POP3S.
  • Improved grid view of rules with session start and every packet logging.
  • Improved open sockets management.
  • Improved performance of displaying large number of firewall rules.
  • Improved performance of UserGate URL categories matching.

UserGate 6 Release (build 6.1.0.10409R, 9.04.2021)

Main changes in version 6:

  • Added support for centralized management of Usergate devices with UserGate Management Center.
  • Added VRF support.
  • Added multicast routing support. UserGate supports Source Specific Multicast (SSM) and Any Source Multicast (ASM) modes, and IGMPv3 и IGMPv2 protocols for endpoints.
  • Added RIP support.
  • Firewall performance measured on IMIX traffic increased up to 10 times.
  • Web filtering performance increased in several times.
  • Developed new high performance IDPS engine.
  • Improved performance of rule processing algorithm.
  • Improved performance of LDAP authentication process.
  • Added SSH inspection.
  • Added ability for granular control of SSL inspection.
  • Added support for Russian GOST TLS for UserGate services and SSL inspection.
  • Added support for OPCUA SCADA protocol.
  • Added support for processing of mirrored SCADA traffic.
  • Added change control for all or specific changes made by administrators.
  • Increased number of security zones to 255.