UserGate NGFW 6.1.9 (hotfix build 6.1.9.12151R, 09.02.2024).
Сhanges in new version:
- UGDNS-19697 Fixed a bug where information about one's networks was not sent via BGP if there were duplicate prefix lists in different filters that were applied to the same neighbor.
- UGDNS-20890 Improved handling of ICAP rules.
- UGDNS-21115 Fixed problem with expiration of key for temp users validation.
- UGDNS-21801 Fixed a bug that led to the deletion of a guest user an hour after creation.
- UGDNS-22030 Fixed unexpected termination of Remote access VPN.
- UGDNS-22035 Fixed gateway disappearing after rebooting cluster nodes.
- UGDNS-22089 Fixed the operation of MIME content filtering rules.
- UGDNS-22146 Fixed a bug in the algorithm for determining the next month in monthly operations.
- UGDNS-22187 The XDP driver is activated on the secondary (slave) interfaces of the L2 bridge.
- UGDNS-22318 Fixed broken synchronization of URL lists between Management Center and NGFW.
- UGDNS-22500 Improved stability of UGOS.
- UGDNS-22661 VS: Fixed memory leak in http proxy. Fixed a bug with sending an incomplete POST request body when NTLM authentication is enabled on the server.
- UGDNS-22728 Fixed incorrect processing of authentication data from the RADIUS server.
- UGDNS-22759 Fixed incorrect display of guest user information when using email authentication.
- UGDNS-22768 Optimized memory consumption.
- UGDNS-22804 Fixed a memory leak in the packet capture subsystem for IDS.
- UGDNS-22823 Optimized memory consumption during mass user login/logout operations.
- UGDNS-22941 Fixed incorrect definition of the destination zone in the content filtering rules and captive portal for newly created VRFs.
- UGDNS-23064 Fixed ECMP operation when there are equivalent routes.
- UGDNS-23077 Fixed DHCP client operation after device reboot.
- UGDNS-23079 Scheduled firewall rules do not work correctly.
- UGDNS-23167 Fixed transferring files to the ICAP server in respmod mode and setting the Forward and Ignore action in the ICAP rule.
UserGate NGFW 6.1.9 (hotfix build 6.1.9.12135R, 31.10.2023).
Сhanges in new version:
- UGDNS-21428 Fixed problem with periodic user authorization reset.
- UGDNS-21470 The cause of the CPU load limit when using domain name lists in firewall rules has been fixed.
UserGate NGFW 6.1.9 (hotfix build 6.1.9.12132R, 29.09.2023).
Сhanges in new version:
- [UGDNS-17957] Fixed a bug with blocking page availability when the HTTP\HTTPS service is disabled in zone permissions.
- [UGDNS-18036] Fixed error filtering events log entries by user.
- [UGDNS-18321] Fixed missing Mari El region when activating a license.
- [UGDNS-20000] The problem of unstable operation of interfaces when trying to open resources published via port-forwarding and connected via a bridge interface has been fixed.
- [UGDNS-20260] Improved stability of the failover cluster.
- [UGDNS-20614] Improved processing of non-TLS traffic with an explicit proxy server.
- [UGDNS-20741] Fixed an error in transmitting the incorrect speed value of disconnected interfaces in the SNMP module.
- [UGDNS-20780] Fixed loss of the network configuration of all nodes when importing the network configuration to one of the cluster nodes.
- [UGDNS-20868] Fixed missing guest users when upgrading to a new version or importing a configuration.
- [UGDNS-21135] Fixed incorrect URL handling in ICAP rules.
UserGate 6.1.9 (hotfix build 6.1.9.12117R, 29/08/2023).
Сhanges in new version:
- [UGDNS-17314] Increased timeout of second authentication factor confirmation.
- [UGDNS-17782] Improved system stability when updating VPN connections.
- [UGDNS-17809] Fixed overridden URL categories export bug.
- [UGDNS-17817] Fixed error with displaying custom response pages assigned to use by default.
- [UGDNS-17870] Fixed bug with resources publishing via web portal if URL specified in rules.
- [UGDNS-18063] Improved stability of UserGate NGFW when processing blocking rules with the Reject with TCP reset parameter.
- [UGDNS-18163] Fixed state control for Log Analyzer server.
- [UGDNS-18251] Fixed spontaneous zeroing of custom URL lists.
- [UGDNS-18272] Fixed possible violation of OSPF route announcements when the interface "blinks".
- [UGDNS-18419] Fixed issue with resolving domain names longer than 63 characters.
- [UGDNS-18716] Fixed a bug due to which URL lists were processed incorrectly.
- [UGDNS-18988] Fixed work of filter criteria in the traffic log.
- [UGDNS-19345] Fixed intermittent loss of inactivity timer for Captive Portal users.
- [UGDNS-19559] Fixed an issue with caching the name of the Captive Portal page on the DNS server, which could break access to it.
- [UGDNS-19578] Fixed a bug where the SNMP agent receives an incorrect value from the system instead of an empty string.
- [UGDNS-20231] Fixed errors in traffic limit scenario operation.
- [UGDNS-20300] Improved stability of VPN connections.
- [UGDNS-20561] Fixed incorrect deletion of Web portal certificates from the Management Center if the certificate is used elsewhere.
UserGate UserGate 6.1.9 (hotfix build 6.1.9.12071R, 02/08/2023).
Сhanges in new version:
- [UGDNS-17049] Fixed incorrect processing of FreeIPA LDAP user groups information.
- [UGDNS-18011] Improved stability of UDP connections when NAT used.
- [UGDNS-18563] Fixed an error that caused the database storing log event records to crash (error displayed in web console: Log Analyzer server connection error) in case of an abnormal reboot of the device.
- [UGDNS-18597] Fixed error with reverse proxy deleting scheme identificator (http, https) from referer which disrupts some services.
- [UGDNS-18777] Fixed bug related to incorrect work of "offline security updates".
- [UGDNS-18853] Fixed problem with incorrect distribution of traffic by mask between WCCP nodes.
- [UGDNS-18987] Fixed operation of DoS protection rules.
- [UGDNS-19040] Fixed TCP socket leak causing memory leak.
- [UGDNS-19367] Fixed the ICAP is Down error that occurrs if ICAP server response sent in multiple packets.
- [UGDNS-19916] Changed the order of selecting the synchronization interface in the failover cluster. The interface marked "cluster" in the failover cluster properties now takes precedence.
UserGate UserGate 6.1.9 (hotfix build 6.1.9.12030R, 29/06/2023).
Сhanges in new version:
- [UGDNS-16646] Improved stability of VPN connections when using the IPsec protocol.
- [UGDNS-18487] Improved system stability with a large number of VPN connections.
- [UGDNS-18498] Improved VPN connection stability with Apple devices.
- [UGDNS-16238] Fixed incorrect operation of firewall rules containing lists of URLs.
- [UGDNS-18031] Fixed problem with TLS_GOST2012256_WITH_28147_CNT_IMIT encryption protocol processing.
- [UGDNS-18062] Fixed a problem saving of the default gateway on the PPPoE interface when the device is rebooted.
- [UGDNS-18334] Fixed OSPF metrics update when OSPF enabled on Active-Passive HA cluster slave node.
- [UGDNS-18385] Fixed a bug in the "cluster" configuration, in which the "master" role is not automatically switched when the gateway is unavailable.
- [UGDNS-18479] Fixed operation of the L7 module if the Security Updates license has expired. The L7 module no longer requires a license to work.
- [UGDNS-18480] Fixed handling of DHCP reservation names with underscores.
- [UGDNS-18501] Fixed a bug with "blinking" interfaces when working with bond.
- [UGDNS-18555] Fixed problem with incorrect display of the number of users in the Dashboard.
- [UGDNS-18567] Fixed incorrect TOTP session reset when using FreeIPA authentication server.
- [UGDNS-18596] Fixed export of settings configuration.
- [UGDNS-18602] Fixed a bug that caused the system to crash after creating a local user group and adding LDAP users to it.
- [UGDNS-18611] Fixed Incorrect work of SMPP profiles.
- [UGDNS-18612] Fixed VPN user rights caching issue.
- [UGDNS-18646] Fixed a bug where the "useragent" field was not displayed in the content filtering logs.
- [UGDNS-18652] Fixed Incorrect operation of the URL list import mechanism.
- [UGDNS-18663] Fixed incorrect working of ICAP in load balancing mode.
- [UGDNS-18730] Fixed work of exceptions from authorization of the Captive portal, if the header "Host" in the request is empty.
- [UGDNS-18762] Fixed incorrect display of the message "LDAP server unavailable" when entering incorrect credentials.
- [UGDNS-18892] Fixed incorrect display of the VPN client address on the diagnostics page.
- [UGDNS-19003] Fixed a bug related to erroneous consideration of external IP addresses in the number of occupied licenses.
- [UGDNS-19078] Fixed a problem of synchronizing user sessions between cluster nodes in load balancing mode.
- [UGDNS-19118] Fixed incorrect work of content filtering rules with the "morphology" parameter.
- [UGDNS-19276] Fixed multiple errors in configuration import via API.
UserGate UserGate 6.1.9 (hotfix build 6.1.9.12008R, 25/05/2023 Revoked).
Сhanges in new version:
- [UGDNS-16646] Improved stability of VPN connections when using the IPsec protocol.
- [UGDNS-18487] Improved system stability with a large number of VPN connections.
- [UGDNS-18498] Improved VPN connection stability with Apple devices.
- [UGDNS-16238] Fixed incorrect operation of firewall rules containing lists of URLs.
- [UGDNS-18031] Fixed problem with TLS_GOST2012256_WITH_28147_CNT_IMIT encryption protocol processing.
- [UGDNS-18062] Fixed a problem saving of the default gateway on the PPPoE interface when the device is rebooted.
- [UGDNS-18334] Fixed OSPF metrics update when OSPF enabled on Active-Passive HA cluster slave node.
- [UGDNS-18385] Fixed a bug in the "cluster" configuration, in which the "master" role is not automatically switched when the gateway is unavailable.
- [UGDNS-18479] Fixed operation of the L7 module if the Security Updates license has expired. The L7 module no longer requires a license to work.
- [UGDNS-18480] Fixed handling of DHCP reservation names with underscores.
- [UGDNS-18501] Fixed a bug with "blinking" interfaces when working with bond.
- [UGDNS-18555] Fixed problem with incorrect display of the number of users in the Dashboard.
- [UGDNS-18567] Fixed incorrect TOTP session reset when using FreeIPA authentication server.
- [UGDNS-18596] Fixed export of settings configuration.
- [UGDNS-18611] Fixed Incorrect work of SMPP profiles.
- [UGDNS-18612] Fixed VPN user rights caching issue.
- [UGDNS-18646] Fixed a bug where the "useragent" field was not displayed in the content filtering logs.
- [UGDNS-18652] Fixed Incorrect operation of the Url list import mechanism.
- [UGDNS-18663] Fixed incorrect working of ICAP in load balancing mode.
- [UGDNS-18892] Fixed incorrect display of the VPN client address on the diagnostics page.
- [UGDNS-19118] Fixed incorrect work of content filtering rules with the "morphology" parameter.
UserGate UserGate 6.1.9 (build 6.1.9.11836R, 16/01/2023).
Сhanges in new version:
- Added Mincifra root certificate to the list of trusted certificates.
- Added ability to analyze VLAN tagged traffic on mirrored port.
- Added number of DNS servers check not to exceed 2 for VPN clients.
- Added ability to use telephone numbers up to 15 digits long.
- Added ability to create port forwarding rules without ports specified.
- Updated the interfaces list from SNMP ifTable and ifXTable.
- Increased timeout of second authentication factor confirmation.
- Increased the number of multicast groups which UserGate can subscribed to to 200.
- Improved watchdog procedure.
- Improved VPN stability.
- Improved UserGate NGFW stability.
- Improved traffic capture operation, added file size limit to 2Gb.
- Improved stability when WCCP is in use.
- Improved stability when deployed on QEMU hypervisor.
- Improved stability of authentication agent for terminal services.
- Improved sorting of library lists in rules selectors.
- Improved processing of user, if he exists in 2 or more domains with the same name.
- Improved processing of DNS requests by IDPS.
- Improved process of getting users information when a large amount of user sessions is established.
- Improved procedure of applying configuration changes from UGMC to NGFW devices.
- Improved order of displaying network ports in dashboard widget.
- Improved NGFW overall stability.
- Improved MC and NGFW sync process stability.
- Improved LDAP connector performance.
- Improved HA cluster stability.
- Improved establishing of VPN connection with different hash algorithms on phase 1 and 2.
- Improved display of IP addresses assigned via DHCP.
- Improved detection of user's groups by auth agent when membership changed.
- Improved configuration generating process in case of a large number of rules and library elements.
- Improved cluster configuration with 3 or more nodes stability while rebooting some of nodes.
- Improved General settings sync to NGFW devices.
- Improved cluster split-brain recovery after connectivity outages.
- Fixed the traffic capture filters error.
- Fixed the local lists sync error in MC and NGFW cluster slave node synchronization process.
- Fixed the bug of detecting the second network card bypass bridge interfaces.
- Fixed sync error of captive profiles between MC and NGFW when profile parameters updated.
- Fixed statistics database request execution error related to Active Directory conflict records.
- Fixed SNMP Engine ID sync error when NGFW configurated via MC.
- Fixed search query error in web access log when India used as traffic source/destination country.
- Fixed safe browsing rules logging when SSL inspection enabled.
- Fixed problem, when node status check in HA cluster could be unsuccessful in some cases.
- Fixed problem with web portal which may work incorrectly in Active-Active cluster.
- Fixed problem with web portal auth when TOTP MFA by SMS delivery used.
- Fixed problem with VPN users authentication if they use netbios domain name.
- Fixed problem with VPN reconnect to NGFW server when VIP repeatedly modified in Active-Passive cluster acting as a VPN client.
- Fixed problem with updating of firewall rules in HA cluster if cluster virtual IPs have changed.
- Fixed problem with triggering Captive portal rule if it has full URL in rule condition.
- Fixed problem with TOTP reset for users with Cyrillic letters in names.
- Fixed problem with storing data about users specified in MC rules after rules deleted.
- Fixed problem with starting traffic capture on the cluster node, other than node where rule was created.
- Fixed problem with SSL inspection for software anyconnect via explicit proxy.
- Fixed problem with slow opening sites over transparent proxy mode which has TCP option window-scale set to 0.
- Fixed problem with searching for url categories from content filtering rule edit dialogue.
- Fixed problem with SAML authentication.
- Fixed problem with processing some specific requests over reverse proxy.
- Fixed problem with processing of PBR rules if user added or deleted in rule's condition.
- Fixed problem with processing of content filtering, safe browsing, SSL and SSH inspection, mail security, and ICAP rules if user added or deleted in rule's condition.
- Fixed problem with outgoing messages queue filling up memory when exporting logs to Syslog server via TCP protocol.
- Fixed problem with no user identifications on cluster node after node rebooted.
- Fixed problem with no updating routes with automatic destination interface when interface settings changed.
- Fixed problem with no logs for triggered spoofing protection rules.
- Fixed problem with no logging in case of no SSL inspection configured, but content filtering rule with content analysis exists.
- Fixed problem with no information about number of packets of triggered DoS rule for zone in traffic log.
- Fixed problem with no ability to assign backup gateway for group of balanced gateways.
- Fixed problem with multiline responses for SMTP commands.
- Fixed problem with memory leak in proxy module, which may happen in some specific cases.
- Fixed problem with Mail security which cannot work on arbitrary SMTP port.
- Fixed problem with logging of DoS protection rules triggers.
- Fixed problem with license registration on new cluster node right after finishing registration of main node.
- Fixed problem with incorrect search result if backslash is used in search string.
- Fixed problem with incorrect processing of traffic from proxy agent by content filtering rules.
- Fixed problem with incorrect OSPF routes cost in active-passive cluster with more than 2 nodes.
- Fixed problem with incorrect logging of IDPS rules.
- Fixed problem with incorrect folder list over sftp and ssh inspection configured.
- Fixed problem with ignoring of VRF when processing traffic with destination ports 80 and 443.
- Fixed problem with getting error when monitoring web portal users authorized with cookie.
- Fixed problem with gateway lost after reboot, happening in some specific cases.
- Fixed problem with failover gateway unavailable, which happens in some cases.
- Fixed problem with expiration of key for temp users validation.
- Fixed problem with excessive memory use while using overridden domains.
- Fixed problem with DNS when internal cache is not used for records with large number of addresses.
- Fixed problem with displaying of terminal services users in traffic log.
- Fixed problem with DHCP relay on VLAN interfaces stopped working after UG OS version upgrade.
- Fixed problem with creating configuration cluster using bond interface.
- Fixed problem with corrupted configuration file while it was exported to ftp location.
- Fixed problem with connecting to 3rd party vendor's VPN over NAT.
- Fixed problem with configuring PBR rule, if it uses different node's gateway.
- Fixed problem with closing of AP Continent VPN, if no traffic transmitted from client during timeout.
- Fixed problem with client connection to Site-to-Site VPN when user changed for this connection.
- Fixed problem with caching of DNS responses for requests for SOA and CNAME record types.
- Fixed problem with block page which shows "garbage" information for sites with more than 64 HTTP headers.
- Fixed problem with applying of zone services committed from UGMC.
- Fixed problem with applying of services from UGMC to NGFW which contains Cyrillic symbols in names.
- Fixed problem with applying gateways with same IPs if they were created by UGMC.
- Fixed problem with all parameters link-info lost after reboot except last added.
- Fixed problem with AdBlock database update on cluster configuration nodes.
- Fixed problem when DHCP lease can't be removed if its subnet removed or changed.
- Fixed problem of using of virtual IP of high availability cluster for load balancing.
- Fixed problem of high load on NGFW during traffic processing by mirror type interface.
- Fixed problem causing the web interface inaccessibility.
- Fixed OSPF costs update error when HA cluster master changed multiple times.
- Fixed order of physical interfaces in ifTable.
- Fixed memory leak in some VPN configurations.
- Fixed incorrect value transmitted for sysUpTime in SNMP.
- Fixed incorrect processing of mails, which have dot and carriage return in their body.
- Fixed IDPS module incorrect update error.
- Fixed error with URL lists sync between NGFW cluster nodes when firewall rules created in MC.
- Fixed error with applying PBR rules to users specified in the rules after they are re-authorized.
- Fixed error of synchronization between MC and NGFW configuration cluster in case one of the nodes is unavailable.
- Fixed error occurred when incorrect temporary guest account expiration date in captive profile properties specified.
- Fixed compatibility with 3rd party VPN solutions if NAT-traversal is used.
- Fixed bug with path rewriting when HTTPS used for resources publication via reverse proxy rules.
- Fixed bug with fastpath module self-enabling after it was disabled.
- Fixed bug of memory full utilization caused by working with ICAP server.
- Fixed an error in identifying groups of users been in several domains.
- Fixed access check error on web portal.
- Fixed a problem with optimizing the storage of user account information.
- Fixed problem with establishing of TLS session with some high load web sites in transparent proxy mode.
- Fixed problem with transferring data by Telegram messenger for some Telegram's services.
UserGate 6.1.8 Release (build 6.1.8.11532R, 22/08/2022)
Сhanges in new version:
- Added ability to change data fastpath mode for firewall via CLI.
- Auth agent for terminal server has been updated.
- Improved CPU load by LogAn when processing LDAP users' names.
- Improved displaying of Dashboard's widgets with large number if network interfaces.
- Improved firewall performance if no content filtering and SSL inspection rules applied.
- Improved firewall stability in Hyper-V.
- Improved general firewall stability.
- Improved memory management for L7 and IDPS modules.
- Improved view of large number of NICs in Dashboard.
- Fixed problem with certificate chain added to Captive portal certificate was not provided at Captive portal page.
- Fixed firewall behavior if no correct DNS server configured.
- Fixed intermittent memory leak in proxy module.
- Fixed MIME type for pcap files, which are downloaded from NGFW.
- Fixed problem with blocking of outgoing syslog traffic by IDPS.
- Fixed problem with changing network interface type and address in CLI.
- Fixed problem with changing source zone in existing port forwarding rule.
- Fixed problem with changing zone's access control for web portal was NAT applied.
- Fixed problem with connecting users to VPN, if VPN server rule contains local groups with local or domain users.
- Fixed problem with inability to create 2 load balancers with the same port, but different transport protocols.
- Fixed problem with incorrect ICAP server status check, which may happen in some cases.
- Fixed problem with logging of domain user authentication information if user logged in s domain\user.
- Fixed problem with logging user which was identified by radius accounting.
- Fixed problem with no information of successful user auth in log export.
- Fixed problem with no logged event for reverse proxy rules.
- fixed problem with no logging of web safety rules.
- Fixed problem with no pcap files for triggered IDPS events, if several events happened.
- Fixed problem with PBR processing in cluster configuration.
- Fixed problem with processing Captive portal auth timers.
- Fixed problem with proxy port assigned from UGMC is not applied at NGFW.
- Fixed problem with restoring VPN settings from exported configuration.
- Fixed problem with simultaneous authentication user from terminal server and Captive portal.
- Fixed problem with VPN connection if authenticating over Radius server.
- Fixed problem with web portal which may work incorrectly in Active-Active cluster.
- Fixed various auth errors in Terminal services auth agent.
UserGate 6.1.7 Release (build 6.1.7.11418R, 08/06/2022)
Сhanges in new version:
- Added ability to record traffic for triggered IDPS events.
- Added ability to create VPN tunnels with third party vendors using GRE over IPSec and IPsec over GRE.
- Added ability to chose main/aggressive mode for IKE SA negotiation for VPN IKEv1.
- Added ability to select different hash and encryption algorithms for 1 и 2 phases of IKEv1 VPN.
- Added ability to select Diffie–Hellman groups for VPN IKEv1.
- Added ability to use GeoIP addresses as source addresses for VPN server rules.
- Added ability to search local user by MAC address assigned to him.
- Added ability to sort IP list by name in rules.
- Added increased cost (double) for OSPF distributable default route for standby node in AP cluster.
- Added Restful API for UserGate management.
- Increased the number of network interfaces to 10 for OVF image.
- Improve GeoIP quality.
- Improved CLI over SSH security.
- Improved Dashboard graph of current NGFW users.
- Improved displaying of long URLs in reports.
- Improved IDPS performance in iperf performance testing.
- Improved L7 information (application and application protocol) presentation in traffic log.
- Improved large number of lists in libraries.
- Improved log rotation procedure.
- Improved NGFW stability when old and low performance NICs are configured in hypervisor for virtual appliance.
- Improved overall stability of NGFW.
- Improved procedure of removing elements from rules, if search was used for finding these elements.
- Improved process of downloading large sized logs.
- Improved processing of fragmented OPC UA commands.
- Improved processing of packets requiring fragmentation.
- Improved security of UserGate software updates.
- Improved server time display when switching between configuration pages.
- Improved synchronization effectiveness of large objects between cluster configuration nodes.
- Improved Terminal server authentication agent. Required to update terminal agent software.
- Improved updates check and download procedure.
- Improved users from terminal servers identification information between nodes of UserGate cluster.
- Improved validation for OSPF interface priority.
- Improved watchdog procedure.
- Fixed a problem with the absence of static routes when connecting directly connected to the network in which the gateway for this route is located.
- Fixed incorrect status displayed in traffic log for DoS protection rules triggered.
- Fixed intermittent problem with VPN service hangs when switching VPN rule on/of.
- Fixed memory leak when bond interfaces are in use.
- Fixed minor problems of viewing web portal bookmarks.
- Fixed NGFW crash when L3 bridge with bypass is configured.
- Fixed problem when exported logs shows default node name but not name set by administrator.
- Fixed problem when firewall rule is still active even it was disabled by administrator.
- Fixed problem with incorrect processing of SSL inspection rules, if they applied to AD users.
- Fixed problem with changing AP cluster state when editing cluster configuration on slave node.
- Fixed problem with content filtering rules which do not consider destination zone condition in some cases.
- Fixed problem with content filtering when filtering SNI value with URL lists.
- Fixed problem with defining of bypass ports on second network cards.
- Fixed problem with deleting URL list from UGMC in some cases.
- Fixed problem with gateways lost in cluster after importing configuration.
- Fixed problem with getting url category for domains listed in Overridden url categories.
- Fixed problem with HA cluster's traffic blocked by spoofing protection rules, happening in specific cases.
- Fixed problem with importing VLANs and bonds from saved configuration.
- Fixed problem with inability to add route to the network which is directly connected to the UserGate.
- Fixed problem with inability to establish some TCP sessions with remote host with fast port reuse configured.
- Fixed problem with inability to reconnect to SSH server published via web portal, if user closed web page with established connection.
- Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
- Fixed problem with incorrect time formats for some schedule.
- Fixed problem with incorrect time used for report generation if local time zone is used.
- Fixed problem with incorrect user's group membership, if user and groups are in different AD domains with trust relationship.
- Fixed problem with incorrect zone is logged to traffic log for DoS protection rules.
- Fixed problem with logging of responded UDP packets when Log session start is selected.
- Fixed problem with management of lists in rules, if number of lists exceeds 20.
- Fixed problem with missing UTM-ENTERPRISE-MIB in downloaded MIB-file.
- Fixed problem with no entry in web access log for HTTPS request without SNI.
- Fixed problem with no information about network port state in SNMP.
- Fixed problem with no IP and URL lists in exported configuration.
- Fixed problem with no routes and information from BGP neighbor.
- Fixed problem with packets loss between different types of NICs.
- Fixed problem with recreating of bond and bridge interfaces when applying any network interface changes from UGMC.
- Fixed problem with search by IP address in arrived from UGMC rules.
- Fixed problem with shaper rules, which could be applied in a wrong order.
- Fixed problem with SSL inspection in transparent proxy mode if URL and categories condition are used.
- Fixed problem with terminal server auth agent when number of IP addresses changed. Required to update terminal server auth agent.
- Fixed problem with traffic capturing.
- Fixed processing of Captcha in web portal.
- Fixed UserGate crash which may happen when firewall rule with L7 or IDPS rule block traffic with sending RST to both parties.
UserGate 6.1.6 Release (build 6.1.6.11213R, 23/03/2022)
Сhanges in new version:
- Added ability of SSH inspection logging.
- Added ability to create SSH inspection reports.
- Added ability to identify user belonging to more than one domain when authenticating via terminal server agent.
- Added ability to set more than 1 IP address for Radius server.
- Added reverse proxy path rewrite functionality for the Domain parameter in the set-cookie HTTP header.
- Added sorting for HA cluster objects.
- Added state indicator for ICAP server.
- Improve sorting of local users list.
- Improved check procedure for complexity of Admin's password compliance.
- Improved errors meaning for registration process.
- Improved IDPS performance for STUN traffic.
- Improved license check procedure.
- Improved order of events of remote access VPN connections.
- Improved processing of large number of unsuccessful LDAP requests.
- Improved processing of SSH inspection rules.
- Improved stability with lists importing operations, which contain invalid data.
- Improved Terminal server authentication agent. Required to update terminal agent software.
- Improved UserGate NGFW stability.
- Removed "Log all packets" option for Policy based rules.
- Removed ability to negate condition for L7 application in firewall rules.
- Removed ability to use domain built-in groups in filtering policies.
- Servers for remote assistance have moved to Russian Federation.
- Fixed error which happens during searching for a user which TOTP key should be reset.
- Fixed incorrect GeoIP addresses for EU zone.
- Fixed incorrect RBAC assigned from UGMC to UserGate devices.
- Fixed logging of fetch_cert is failed event for SSL inspection.
- Fixed notation for ICAP servers URI.
- Fixed problem with allow rule in content filtering with destination Zone/IP set.
- Fixed problem with determining of destination zone for Captive portal rules.
- Fixed problem with filtering by URLs for list containing Cyrillic domains.
- Fixed problem with filtering by useragent when useragent does not contain any value (empty).
- Fixed problem with gateway via specific interface remains active after this interface is added to a bond interface.
- Fixed problem with GRE tunnel disappeared from assigned VRF after reboot.
- Fixed problem with inability to install offline security update.
- Fixed problem with incorrect interfaces status, which were part of the bond interface, after bond deleted.
- Fixed problem with incorrect NAT processing for more than one client if traffic has fixed source ports.
- Fixed problem with incorrect number of IP address which consume licensed number of users.
- Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
- Fixed problem with incorrect showing network interface belonging to custom VRF in default VRF.
- Fixed problem with logging of default rule 'Default allow' with disabled logging.
- Fixed problem with lost of static users identification when membership in local group changed for some users.
- Fixed problem with memory leak which may happen sometimes during processing TLS traffic.
- Fixed problem with validation of reserved hosts in DHCP.
- Fixed processing of Captcha in web portal.
UserGate 6.1.5 Release (build 6.1.5.11134R, 11/02/2022)
Сhanges in new version:
- Added ability to enable X-Forwarded-For header.
- Added ability to get the IP addresses list of hosts consuming license.
- Added ability to search by signature name in IDPS rules.
- Added ability to set custom SNMP engine ID.
- Added ability to use 'Not in' operator in search rules.
- Added context help for advanced search in web console.
- Added information about blocking reason of https service for Reverse proxy.
- Added more parameters checks while creating VRF.
- Added QoS pre-classify option for VPN tunnels.
- Added reverse proxy path rewrite functionality for the Domain parameter in the set-cookie HTTP header.
- Added support for diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, ssh-rsa protocols to cli over ssh.
- Added support for diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, ssh-rsa protocols to SSH inspection.
- Added support for RAID controller LSI 9361-16i.
- Additional checks added for DHCP options.
- Admin console tab renamed to Settings tab.
- Improved administrator's login page view for different browser window size.
- Improved CA certificate name which is used by UserGate node for SSL inspection.
- Improved check and download procedure of updatable lists. Added additional logging for this events.
- Improved firewall performance for type of network card virtio in KVM-libvirt.
- Improved IDPS performance for traffic of specific protocols and applications.
- Improved IDPS performance on high speed traffic.
- Improved management of local users created from UGMC.
- Improved performance of content filtering processing with virus or morphology check in some cases.
- Improved performance of stream virus check.
- Improved SSL inspection in transparent mode for web sites with legacy TLS protocol versions.
- Improved SSL rules processing when client does not send SNI.
- Improved updating, deleting and creation of local users with static IP addresses on UserGate, created from UGMC.
- Improved UserGate stability when inspecting GRE tunnels.
- Improved UserGate stability.
- Increased performance of IDPS.
- Removed excessive logging which may cause performance degradation.
- Fixed an issue when DNATed HTTP(s) traffic could be blocked by default Block everything policy.
- Fixed crash which may happen in some cases when add/delete content filtering rule.
- Fixed excessive TCP fragmentation to client connection with transparent proxy and content filtering or SSL inspection enabled.
- Fixed issue that could result in gateway absence after settings import.
- Fixed load balancer with more than one balancing rules configured.
- Fixed problem when DHCP relay may not work correctly if DHCP pool has some specific settings.
- Fixed problem when protocol TCP was always saved in port forwarding rules , no matter which protocol was originally set.
- Fixed problem with 3 seconds delay in opening some websites in transparent proxy mode.
- Fixed problem with access to a several web-sites, for example, http://web.tpu.ru.
- Fixed problem with adding of Active directory group Builtin Users to the rules.
- Fixed problem with applying shaping policies for group of users from LDAP.
- Fixed problem with applying to UserGate updated in UGMC URL list.
- Fixed problem with assigning incorrect administrator profile, if administrator has different profiles assigned to him and to his groups.
- Fixed problem with blocking of transit multicast traffic.
- Fixed problem with bypass bridge on cluster created from different types of appliances.
- Fixed problem with certificate is not updated when changes made in service domains auth, logout, block.
- Fixed problem with changing of auth method after auth profile was created in UGMC.
- Fixed problem with connecting from Secure CRT to CLI SSH.
- Fixed problem with content filtering for HTTPS sites which have SNI different from certificate's subject name.
- Fixed problem with content filtering rules processing for rules with time restrictions.
- Fixed problem with creating full backup and error Cannot mount /dev/dm-3.
- Fixed problem with creating of copy of report rule.
- Fixed problem with delay in opening web sites from terminal servers with installed terminal server auth agent. Update of auth agent for terminal servers is recommended.
- Fixed problem with disappearing of directly connected routes on HA cluster node which changed from Master to Slave.
- Fixed problem with DNS SRTT may get negative value.
- Fixed problem with filtering by URL lists containing regexp elements ^, $, *.
- Fixed problem with inability to add url started with // to URL list.
- Fixed problem with inability to block traffic of Anydesk app by content filtering.
- Fixed problem with inability to create VRF with name, which is already in use on another cluster node.
- Fixed problem with inability to set password for terminal services agents via UGMC.
- Fixed problem with incorrect AD group membership for a user, who logged in from different devices when membership was changed in AD.
- Fixed problem with incorrect consuming of licenses when ip spoofing protection is enabled.
- Fixed problem with incorrect MAC address assignment on bond interface after system reboot.
- Fixed problem with incorrect processing of content filtering rules in explicit proxy mode with defined destination zone and disabled SSL inspection.
- Fixed problem with incorrect processing of policy for a particular user, if he logged out from one of computer and continue to work on another computers.
- Fixed problem with incorrect processing of requests for reverse proxy, if web portal listens on the same port.
- Fixed problem with incorrect processing of users groups happened in some cases in cluster.
- Fixed problem with incorrect search result when searching for IP addresses in some cases.
- Fixed problem with incorrect sequence of prefix lists and routemaps in BGP.
- Fixed problem with incorrect terminating of terminal servers users.
- Fixed problem with incorrect tracing rule processing in some cases.
- Fixed problem with incorrect URLF category in notification for adding request for white list for a web site.
- Fixed problem with incorrect work of scenarios with application L7 as condition.
- Fixed problem with local user identification, if it was created in UGMC with static IP address.
- Fixed problem with local users identification, if they identified by static IP, when they are added to a group.
- Fixed problem with logging in to CLI SSH with password containing special symbols.
- Fixed problem with logging of default rule 'Default allow' with disabled logging.
- Fixed problem with memory leak when using HTTP PUT method with web console.
- Fixed problem with memory leak which happens when opening block pages with HTTP POST method.
- Fixed problem with no blocking reason in web access log.
- Fixed problem with no record in web access log for blocked by AdBlock connections, when no SSL inspection enabled.
- Fixed problem with placing NAT rule to a specific position in the rules list when creating a rule.
- Fixed problem with processing of content filtering rules with time restriction.
- Fixed problem with restoring UserGate settings from backup if it was connected to UGMC.
- Fixed problem with RIP v2 does not work if password set for authentication.
- Fixed problem with SCADA rules, which require to have firewall rules allowing traffic from UserGate.
- Fixed problem with several gateways can be assigned as default gateways.
- Fixed problem with some packets lost when traversing over route leaking over other's VRF.
- Fixed problem with spam mail filtering happening in some cases.
- Fixed problem with sporadic connectivity issues for some websites (Sberbank business).
- Fixed problem with SSL inspection if site's certificate contains Cyrillic letters.
- Fixed problem with traffic filtration if no L7 database exists.
- Fixed problem with update checking for custom updatable lists if connectivity lost between NGFW and UGMC.
- Fixed problem with updating of custom lists on UserGate, when rules with these lists are updated on UGMC.
- Fixed problem with user authentication by TACACS+ servers.
- Fixed problem with UserGate crash happened in some cases.
- Fixed problem with VoIP telephony which doesn't work over UserGate.
- Fixed UserGate server crash when deleting bridge interface which is in use by SSL inspection.
UserGate 6.1.4 Release (build 6.1.4.11011R, 17/11/2021)
Сhanges in new version:
- Added syslog rotation by log size.
- Added BGP allowas-in functionality.
- Added ability to use symbols * and ^ in mail addresses in mail addresses library.
- Added ability to show SNAT addresses in NAT and routing rules grid.
- Added ability to have simultaneous connections to SSH CLI.
- Added ability to disable collection of additional debugging information from CLI.
- Improved view of errors of sync cluster's nodes with UGMC.
- Improved UserGate stability.
- Improved statistics database update procedure during software update.
- Improved stability of proxy agent UserGate.
- Improved stability of IDPS module.
- Improved stability of authentication agent for terminal services.
- Improved SSL rules processing when client does not send SNI.
- Improved search speed of big lists of IP addresses and URLs.
- Improved search for content of morphology databases.
- Improved search for content of fields in content filtering rules.
- Improved remote administrator service, in case port 22 is blocked with reject packet sent.
- Improved processing of DNS requests if some of DNS servers are not responding.
- Improved performance of simultaneous authentication of large number of users.
- Improved performance by made DNS SRTT metric is non clusterable.
- Improved overall stability of UserGate.
- Improved new IDPS and L7 lists update procedure to eliminate corrupted signatures from being loaded.
- Improved logging levels for NAT, DNAT and Port forwarding rules.
- Improved L7 application processing.
- Improved import of network settings to all cluster's nodes.
- Improved IDPS performance.
- Improved IDPS performance on high speed traffic.
- Improved HA cluster configuration view.
- Improved export configuration - added overridden domains to export.
- Improved DNS over TCP requests processing.
- Improved displaying of time in logs, removed fractions of second.
- Improved CPU cores load. Added support for up to 256 cores.
- Improved check for overlapping when assigning virtual IP address in a VRF.
- Improved check for correctness of cluster node name. Added ability to use '-' symbol in node name.
- Improved Captive portal rules view if there are more than 20 rules.
- Improved API functions checks for correctness of calls.
- Improved and optimized logging of IDPS events. Removed excessive events logging to traffic log.
- Improved algorithm of applying changes to configuration of ospf, bgp, rim and pim routers.
- Improve performance of determining of output zone.
- Fixed vulnerability BDU:W-2021-00199, no header Content-Security-Policy.
- Fixed vulnerability BDU:W-2021-00200, no header Strict-Transport-Security (HSTS).
- Fixed vulnerability BDU:W-2021-00191, allowing XSS attack on search string in Logs and reports page.
- Fixed vulnerability BDU:W-2021-00192, allowing SQL injection attack on search string in Logs and reports page.
- Fixed vulnerability BDU:W-2021-00189, allowing to create a local user with not complex password.
- Fixed vulnerability BDU:W-2021-00202, no header X-XSS-Protection.
- Fixed some minor dialog problems after override domain's category.
- Fixed SMTP service crash when receiving emails from gmail.com.
- Fixed search for IP address in port forwarding rules.
- Fixed search by source address in NAT and routing rules.
- Fixed rules processing for rules with negate for url list.
- Fixed rules filtering problem based on enable/disabled rule option in NAT and routing.
- Fixed problem with web-console hangs when editing of local user with high number of local users.
- Fixed problem with VLAN tag removal in case of redirecting traffic from one VLAN to another, or from VLAN to an access port.
- Fixed problem with VLAN interfaces created on Bond interface are down after server restarted.
- Fixed problem with using of deprecated UDP port 8472 for VXLAN communications instead of 4789.
- Fixed problem with using default gateway for Default VRF if no default gateway configured in custom VRF.
- Fixed problem with UserGate hangs in some cases if Intel networks cards are in use.
- Fixed problem with URL lists containing domains in Cyrillic.
- Fixed problem with URL category check if URL contains leading or trailing spaces.
- Fixed problem with updating large number of VLAN interfaces in one click.
- Fixed problem with unable to connect error in web console if searching LDAP group and LDAP server's host cannot be resolved.
- Fixed problem with triggering scenario for IDPS event for LDAP group.
- Fixed problem with TCP window size which can lead to high memory use in some cases.
- Fixed problem with switching of BGP router in Active-Passive cluster when master role is transferred to reserved node.
- Fixed problem with some settings lost when changing OSPF router.
- Fixed problem with slow downloading speed if SSL inspection is enabled.
- Fixed problem with showing user as Unknown in traffic log, while it was authenticated by auth agent for Windows.
- Fixed problem with showing of gateways by gateway list CLI command.
- Fixed problem with routes and gateways which were created in CLI are not shown in web console in some cases.
- Fixed problem with restoring UGMC from backup.
- Fixed problem with page modification mark is not displayed in some cases in UGMC templates.
- Fixed problem with notification about incorrect checksum for file settings.pyc.
- Fixed problem with no rule name is displayed in IDPS logs.
- Fixed problem with no logging of DoS protection rules on zones.
- Fixed problem with no logging configuration is in exported config.
- Fixed problem with no information about number of packets of triggered DoS rule for zone in traffic log.
- Fixed problem with no information about mime type in log when blocking by mime-type.
- Fixed problem with no displaying of BGP neighbor status in custom VRF.
- Fixed problem with no content filtering for L2 or L3 bridge interfaces.
- Fixed problem with moving of pre and post rules from local UserGate console.
- Fixed problem with locking of administrators account in case of exceeding number of false authentication attempts.
- Fixed problem with LDAP administrator logging in to web console happened in some cases.
- Fixed problem with large attachment over POP3 protocol blocked by mail security rules.
- Fixed problem with IP assignment to the interface after restoring configuration, if it had different mode in saved configuration.
- Fixed problem with incorrect weight is assigned to a morphology phrase if phrase assigned from UGMC.
- Fixed problem with incorrect uptime provided by SNMP.
- Fixed problem with incorrect sequence of prefix lists and routemaps in BGP.
- Fixed problem with incorrect rules processing for local users, happening in some cases.
- Fixed problem with incorrect processing of policies with LDAP groups in cluster.
- Fixed problem with incorrect processing of content filtering rules during rebuilding rules.
- Fixed problem with incorrect displaying of cluster IP address on slave node.
- Fixed problem with inability to send IDPS log records to external syslog server.
- Fixed problem with inability to save value in Keep-alive time field of Mulitcast router.
- Fixed problem with inability to log in as Admin@emergency to CLI over SSH.
- Fixed problem with inability to export configuration by read only administrator.
- Fixed problem with inability to disable network interface from interface configuration dialog, if IP address was obtained by DHCP and there is another interface with address in the same range.
- Fixed problem with inability to delete VRF, which was created on the cluster node which was deleted.
- Fixed problem with inability to delete VLAN if it is created on disabled physical interface.
- Fixed problem with inability to create LDAP connector if use digits in LDAP domain name field.
- Fixed problem with inability to apply metric to non-unicast routes.
- Fixed problem with inability to add DHCP relay on disabled interface.
- Fixed problem with IDPS module crashes during disabling it or updating signatures, happening in some cases.
- Fixed problem with HTTP/S connection freezes in some cases in transparent proxy mode.
- Fixed problem with high vCPU utilization caused by changes of updatable lists.
- Fixed problem with high vCPU usage during authentication of large number of users in cluster active-passive.
- Fixed problem with high CPU usage during DDoS attacks and enabled DoS protection.
- Fixed problem with high CPU load in case of several administrators connected to CLI over SSH.
- Fixed problem with gateway status does not update if unplug and then plug cable in.
- Fixed problem with gateway disappearing, if it was created before first initialization of system.
- Fixed problem with factory reset function after applying UGMC update.
- Fixed problem with erasing routes and gateways created from CLI after first initialization of UserGate.
- Fixed problem with downloading of files via ftp over http.
- Fixed problem with displaying of carriage return symbol in CLI over SSH for Windows computers.
- Fixed problem with code injection in Safe browsing rules.
- Fixed problem with cluster node registration error if Cyrillic symbols were used in registration form.
- Fixed problem with cluster configuration not imported from exported configuration.
- Fixed problem with changing OSPF encrypted authentication key.
- Added check for source zone presence in reverse proxy rules to avoid potential conflict with Captive portal rules.
- Fixed problem with Captive authentication with defined destination IPs.
- Fixed problem with applying negate action for services in firewall, IDPS and traffic shaping rules.
- Fixed problem with applying empty lists assigned from UGMC.
- Fixed problem with application identification for some applications.
- Fixed problem with append community option is not saved for routemap in BGP.
- Fixed problem with announcement of BGP routes happening in some cases.
- Fixed problem with adding rule and placing it on top of the rules for Nat and routing, IDPS, Reverse proxy and VPN rules.
- Fixed problem with adding bridge and bond types of interfaces to a static route.
- Fixed problem with accessing console by LDAP administrator created in UGMC.
- Fixed problem with ability to delete certificate which is in use by web portal.
- Fixed problem when users are not counted if explicit proxy is used on non-default port.
- Fixed problem when exported configuration does not contain DNS information.
- Fixed problem when changing user's group does not effect in UserGate if auth agent for Windows is used for authentication.
- Fixed problem of identification of local users with assigned IP addresses if Captive portal is configured.
- Fixed problem of file upload over HTTP-proxy connection.
- Fixed problem of enabling all VLANs on the interface in case of disabling and then enabling of physical interface.
- Fixed problem of blocking valid traffic due to incorrect setting of the source zone for some of the packets passing through the custom VRF.
- Fixed problem of automatic changing port's mode to Manual after link outage.
- Fixed mail security problem if set SMTP/S service without destination port specified.
- Fixed incorrect work of content filtering rules with Warn action.
- Fixed incorrect coding of messages in the event log for lists with Cyrillic letters.
- Fixed error which may happen when deleting of secondary NTP server.
- Fixed error when read only administrator checks LDAP connector connectivity.
- Fixed error of displaying of log with catlog command when connected to CLI as Admin@emergency.
- Fixed error message for license activation without connectivity to the license server.
- Fixed error if administrator is trying to delete several firewall rules together with default block rule.
- Fixed error happening when creating morphology list.
- Fixed content filtering if destination addresses contains URL list with destination domains.
- Fixed connection error while trying to connect to Log Analyzer server from UserGate over UGMC console.
- Fixed check if zone is used in rules when deleting zone.
UserGate 6.1.3 Release (build 6.1.3.10787R, 19/08/2021)
Сhanges in version 6.1.3:
- Added validation for AS number field in BGP virtual router.
- Added ability to add domain users to local groups.
- Added ability to add IP range to IP lists.
- Added ability to change pre rules to post and vice versa.
- Added ability to enable/disable VPN rule, which came from MC.
- Added ability to extend data partitions to several disks.
- Added ability to keep original values for windows scaling, sack, mss and timestamp options for connections over proxy.
- Added ability to show number of users connected over UserGate in case of unlimited license.
- Added ability to show templates included to group of templates in managed devices view.
- Added ability to use more than 15 countries in geoip restriction in rules.
- Added description for detected applications on traffic log page.
- Added error message when connecting to Cisco VPN in Site-to-Site case and preshared key is not matched.
- Added new widget for total unique user count for a period of time.
- Added sorting to users list.
- Added support for DES crypto algorithm to VPN.
- Added traffic monitoring page in diagnosis section to show users connections in real time with in and out speed.
- Added validation for entered values in Key field of network adapter settings in OSPF configuration.
- Added warning if set proxy server to use standard ports (80, 443).
- Added warning page for Force changes button in Firewall policy settings.
- Improved and optimized processing of content filtering rules.
- Improved and speed up content filtering processing of users requests.
- Improved check for interface is not used in any of routing protocols in virtual routers while deleting the interface from virtual router.
- Improved displaying of found users, added first and last name along with username.
- Improved DNS service stability on UDP.
- Improved error message for situations where no connectivity between cluster's nodes.
- Improved IDPS stability.
- Improved L7 application processing.
- Improved modules loading procedure during boot process.
- Improved naming for UGOS updates for LogAn, NGFW and MC.
- Improved process of changing rule type from SNAT to PBR.
- Improved proxy server stability in some modes.
- Improved replication stability of libraries lists between cluster's nodes.
- Improved search for content of fields in content filtering rules.
- Improved server's boot speed if server has at least one interface configured with DHCP address and DHCP sends hostname.
- Improved some fields on registration form.
- Improved stability of load balancing if proxy is enabled.
- Improved users state synchronization between cluster nodes.
- Improved validation of path rewrite fields in Reverse proxy rules.
- Improved view of large numbers of elements.
- Improved VPN stability.
- Improved VRF update procedure.
- Improved work with NICs which were removed physically, but still remain in the system.
- Increased time allocated for UserGate to apply firewall rules.
- Removed validation of AD availability when creating AD connector in MC.
- Fixed bond interface work in specific modes.
- Fixed DNS errors for some specific DNS requests.
- Fixed DNS resolution when default gateways exist in default VRF and client's VRF, and explicit proxy configured.
- Fixed error happened when moving rule to another position in the list.
- Fixed error when calling traceroute command on VPN interface in Diagnostics and monitoring.
- Fixed error when creating load balancing rule and left field port empty on Fallback settings.
- Fixed errors when creating a custom report in LogAn.
- Fixed errors when generating some reports.
- Fixed incorrect displaying of AD users with Cyrillic letters in web access log.
- Fixed incorrect pairs of interfaces for bypass bridge.
- Fixed memory leak in network system under high load.
- Fixed memory leak which happened in some cases.
- Fixed permissions list available for managing from administrators profile.
- Fixed problem incorrect rule placement when creating.
- Fixed problem when content filtering by URL does not work in some cases.
- Fixed problem when UserGate does not accept authentication information from browser and shows Captive portal window.
- Fixed problem when web-console can occupy TCP port which is used for statistics service.
- Fixed problem with ability to get to the web console at addresses login.captive and logout.captive.
- Fixed problem with ability to import arbitrary words to IP lists.
- Fixed problem with adding or deleting of interface to RIP router.
- Fixed problem with applying firewall rules with negate option enabled in source/dest zones condition.
- Fixed problem with authentication Kerberos users after server restart.
- Fixed problem with CLI command catlog.
- Fixed problem with content filtering rules applied to DNS filtering only.
- Fixed problem with content filtering rules with time restriction, which are not triggered on time zone set in general settings.
- Fixed problem with creating IDPS profile.
- Fixed problem with creating more than 16 zones.
- Fixed problem with creation of mail security widget.
- Fixed problem with cyclic block page reload happened in some cases.
- Fixed problem with deleting bond interface from CLI.
- Fixed problem with DHCP-relay configuration is not saved.
- Fixed problem with disconnection from some sites, if client is in VRF.
- Fixed problem with DNS proxy and clients connected from VRF.
- Fixed problem with DNS rules do not work.
- Fixed problem with downloading files from ftp servers via ftp over http in browser.
- Fixed problem with downloading of all routes in Diagnostics and monitoring.
- Fixed problem with empty backup files created after update to 6.1.2.
- Fixed problem with erasing routes and gateways created from CLI after first initialization of UserGate.
- Fixed problem with error while stopping running ping command in diagnostics and monitoring.
- Fixed problem with errors while adding http cache exclusions.
- Fixed problem with excessive resources use by displaying of blocking page.
- Fixed problem with exhausting number of licensed users by connections to not existing services on UserGate and DNAT and port map publications.
- Fixed problem with exporting certificate with chain.
- Fixed problem with filtering and sorting in applications.
- Fixed problem with filtering by MIME type.
- Fixed problem with filtering by referrer.
- Fixed problem with filtering by SNI, if SNI is in capital letters.
- Fixed problem with gateway received from DHCP takes over manually assigned default gateway after reboot.
- Fixed problem with importing morphology lists.
- Fixed problem with inability to move NAT rules.
- Fixed problem with inability to change language on login page.
- Fixed problem with inability to check connectivity to AD controller, if AD connector object delivered from MC.
- Fixed problem with inability to disable logging in NAT and routing rules.
- Fixed problem with inability to run OSPF on VPN interfaces.
- Fixed problem with inability to save SSL profile in some cases.
- Fixed problem with inability to select applications by application categories in firewall rules.
- Fixed problem with incorrect administrators permissions shown in web console after applying UGOS update in some cases.
- Fixed problem with incorrect closing of users' sessions which led to strange connectivity problems.
- Fixed problem with incorrect displaying of number of static routes defined in virtual router.
- Fixed problem with incorrect DNS resolution for child domains in DNS rules.
- Fixed problem with incorrect export of custom morphology lists.
- Fixed problem with incorrect L2TP tunnel re-creation if it existed before and was broken.
- Fixed problem with incorrect OSPF zone deletion.
- Fixed problem with incorrect processing of content filtering rules with option negate enabled for users condition.
- Fixed problem with incorrect processing of rules for a local group of users who self registered via Captive portal.
- Fixed problem with incorrect work of rules with time restriction.
- Fixed problem with installed update is listed as available again during cluster configuration update.
- Fixed problem with IP list is not applied on the second cluster node.
- Fixed problem with Kerberos authentication in transparent mode.
- Fixed problem with no filtering by URL if SSL inspection is on and capital letters are used for address in browser.
- Fixed problem with no logging for SSL inspection rules.
- Fixed problem with no soring in IDPS profiles.
- Fixed problem with no SSH inspection rules are in exported config.
- Fixed problem with no username and user's IP address on blocking page if block page is shown on another device in a cluster.
- Fixed problem with non-blocking HTTP/S based applications by firewall rules in transparent proxy mode.
- Fixed problem with not showing URL category on the block page for which it was blocked.
- Fixed problem with opening web sites by IP address via explicit proxy.
- Fixed problem with PMTU is not delivered to client if client has explicit proxy configured in browser.
- Fixed problem with proxy server doesn't work on custom port.
- Fixed problem with removing one existing DHCP option while adding another one.
- Fixed problem with routes and gateways which were created in CLI are not shown in web console in some cases.
- Fixed problem with rules with domain groups are not applied to users.
- Fixed problem with scenarios which configured for a domain group.
- Fixed problem with searching in IPS profiles.
- Fixed problem with sending notifications for configurations changes.
- Fixed problem with shaping of HTTP/HTTPS traffic.
- Fixed problem with showing Warning page for content filtering rules with action warning, which happened if blocking content is embedded into another page.
- Fixed problem with Site-to-Site VPN disconnection if no traffic are passed over tunnel.
- Fixed problem with slow downloading speed if SSL inspection is enabled.
- Fixed problem with SSL handshake error with no NAT in transparent proxy.
- Fixed problem with SSL inspection in transparent mode if rule contains condition for domain or category.
- Fixed problem with SSL inspection in user's VRF.
- Fixed problem with traffic capturing.
- Fixed problem with UDP packet loss on high load.
- Fixed problem with unlocking of previously locked administrators.
- Fixed problem with uploading logs to ftp servers.
- Fixed problem with URL lists containing domains in Cyrillic.
- Fixed problem with UserGate crashes with bridge interfaces in some cases.
- Fixed problem with users authenticated by Windows agent lose connectivity in cluster, if one cluster node became unavailable.
- Fixed problem with using of predefined applications group ALL in firewall rules.
- Fixed several issues with configuring VRF.
UserGate 6 Release (build 6.1.2.10523R, 19/05/2021)
Сhanges in version 6:
- Added ability create reports for up to 100000 users.
- Added ability to use underscore symbol in VPN preshared key.
- Improved applying of big IDPS signatures list.
- Improved cluster stability with processing of big lists.
- Improved connectivity checker work with NAT configured.
- Improved L7 module stability.
- Improved some displays during device boot.
- Improved SSL inspection processing algorithm.
- Improved UserGate stability.
- Fixed Bad request error when connecting to Captive portal in cluster configuration.
- Fixed basic authentication for https traffic.
- Fixed concurrent write to users table problem.
- Fixed error in SSH inspection rules allowed to set incorrect service in the rule.
- Fixed error which allowed to remove template from UGMC which was in us on UserGate device.
- Fixed errors which can cause conntrack table overflow.
- Fixed high memory usage when sending big files over UserGate.
- Fixed memory leak.
- Fixed PEER field absence in PPPoE connection.
- Fixed problem allowing to delete phone list which is in use in rules.
- Fixed problem of default gateway over PPPoE connection.
- Fixed problem of disconnecting Site-to-Site VPN if no traffic transmitted.
- Fixed problem of gateways disappeared after device rebooted.
- Fixed problem when content filtering rule was not updated if morphology dictionary updated.
- Fixed problem when newly created firewall rule does not set to specified position in the rules list.
- Fixed problem with exporting URL lists containing unicode symbols.
- Fixed problem with incorrect route adding via CLI.
- Fixed problem with Negate action in SSH inspection rules.
- Fixed SSL inspection rule, if it is created with specific service set.
UserGate 6 Release (build 6.1.1.10462R 26/04/2021)
Сhanges in version 6:
- Added ability to show RIP routes in web-console.
- Added ability to show traffic load by users.
- Fixed error Object not found when deleting IP address from the IP list.
- Fixed problem when object was deleted in UGMC, but it was in use in local rules.
- Fixed problem with adding a gateway with interface set to auto.
- Fixed problem with adding custom morphology list.
- Fixed problem with connectivity checker after new gateway added.
- Fixed problem with content filtering rules which do not work for explicit proxy clients and destination zone set.
- Fixed problem with exporting logs by cron timer.
- Fixed problem with loop block page redirect for explicit proxy users and external block page.
- Fixed problem with loosing packets of VIPNet VPN traffic.
- Fixed problem with making report Configuration changes summary by components.
- Fixed problem with NAT rules which stops working sometimes.
- Fixed problem with no emails sent over UserGate if Mail security is enabled.
- Fixed problem with non working default gateway for PPPoE connection.
- Fixed problem with proxying of DNAT traffic.
- Fixed problem with sending data to all ICAP servers in ICAP load balancer.
- Fixed saw-graph of current users in the Dashboard.
- Improved default mail security rule - added services SMTPS and POP3S.
- Improved grid view of rules with session start and every packet logging.
- Improved open sockets management.
- Improved performance of displaying large number of firewall rules.
- Improved performance of UserGate URL categories matching.
UserGate 6 Release (build 6.1.0.10409R, 9.04.2021)
Main changes in version 6:
- Added support for centralized management of Usergate devices with UserGate Management Center.
- Added VRF support.
- Added multicast routing support. UserGate supports Source Specific Multicast (SSM) and Any Source Multicast (ASM) modes, and IGMPv3 и IGMPv2 protocols for endpoints.
- Added RIP support.
- Firewall performance measured on IMIX traffic increased up to 10 times.
- Web filtering performance increased in several times.
- Developed new high performance IDPS engine.
- Improved performance of rule processing algorithm.
- Improved performance of LDAP authentication process.
- Added SSH inspection.
- Added ability for granular control of SSL inspection.
- Added support for Russian GOST TLS for UserGate services and SSL inspection.
- Added support for OPCUA SCADA protocol.
- Added support for processing of mirrored SCADA traffic.
- Added change control for all or specific changes made by administrators.
- Increased number of security zones to 255.