Changes in UserGate 7

UserGate 7.1.0 (build 7.1.0.1704R, 02.04.2024).

Сhanges in new version:

  • [SUM-219] Improved performance of the RDP protocol via the Web portal.
  • [SUM-3180] Added the ability to use environmental conditions (HIP profiles) when used together with UserGate Client.
  • [SUM-3191] Added the ability to create Loopback interfaces.
  • [SUM-3212] Added BIOS low battery warning for C150 and X10 hardware platforms.
  • [SUM-3284] Added support for Bidirectional Forwarding Detection (BFD) in OSPF/BGP.
  • [SUM-3349] Added support for authentication using a client certificate on the Captive portal, web portal, for accessing resources published through a reverse proxy, logging into the web console and connecting via VPN.
  • [SUM-3352] Added disk load metric to the Dashboard.
  • [SUM-3416] Improved functionality of the ping command (MTU control along the traffic path, support for VRF tags).
  • [SUM-3449] Added the ability to monitor the availability of DNS servers via API.
  • [SUM-3486] Added the ability to use a cascade proxy to provide users with access to the Internet, download updates and register the product.
  • [SUM-3551] Added the ability to emergency manage NGFW in case the Management Center is unavailable.
  • [SUM-3565] Added setting for automatic termination of the administrative session when inactive.
  • [SUM-3574] Added the ability to roll back to a previous version when installing a UGOS update.
  • [SUM-3575] Added remote diagnostic mechanisms for devices located in a closed network loop.
  • [SUM-3600] Added the ability to create nested groups of IP addresses.
  • [SUM-3617] Added support for DHCP option 121.
  • [SUM-3668] Added the ability to use lists from libraries, as well as Geo-ip lists in the zone services availability settings.
  • [SUM-3685] Added DPD mode selection for client/server security profiles.
  • [SUM-4202] Added the ability to select the required elliptic curve algorithms in SSL inspection profiles.
  • [SUM-4266] Added the ability to create nested service groups.
  • [SUM-4721] Added the ability to configure work with an LDAP connector on a non-standard port.
  • [SUM-4783] Added a URL category for blocking resources with neural networks.
  • [SUM-4857] Added UserID functionality for transparent authentication using Active Directory and Syslog logs.
  • [SUM-5246] Implemented WAF functionality as a release candidate.
  • [SUM-5563] Added the ability to display blocking pages via https.
  • [SUM-5628] Added limitation of sessions from one IP address.
  • [SUM-7687] Added support for temperature stability of C150 and X10 processors.
  • [UGDNS-9064] Added the ability to create L2 and L3 bridges simultaneously.
  • [SUM-3218] New mechanism for implementing L7 application definition, allowing you to create your own signatures using UserGate Application and Security Language (UASL).
  • [SUM-3459] Added OSPF monitoring to the web console.
  • [SUM-3598] An improved IDS implementation mechanism that allows you to create your own signatures using UserGate Application and Security Language (UASL).
  • [SUM-3616] Improved processing of DNS queries by the IDPS module.
  • [SUM-3630] Added the ability to administer blocked from IDPS IP addresses.
  • [SUM-3675] Added the ability to select the signatures to use.
  • [SUM-4330] Added the ability to check SSL encrypted traffic using IDS if decryption rules are available.
  • [SUM-4730] Added the ability to add sections to favorites and display only these sections in the web interface.
  • [SUM-4865] The SCADA/APCS functionality is transferred to the IDS mechanism.
  • [SUM-4865] The principle of IDS configuration has been changed: IDS rules have been abolished in favor of selecting an IDS profile in the allowing firewall rules. In the IDS profile, you can select an individual action for each signature.
  • [SUM-5651] Added the ability to record traffic when ITS signatures are triggered.
  • [SUM-3613] The CLI functionality has been expanded compared to version 7.0.
  • [SUM-3659] Added command to display PMC operating time in CLI in C150 and X10.
  • [SUM-3517] Added the ability to configure IDS using the CLI.
  • [SUM-4424] Added new diagnostic, monitoring and troubleshooting capabilities using CLI commands: viewing and resetting interface counters, displaying established sessions, displaying UseGate flow rules.
  • [SUM-5571] Added the ability to run packet capture in the CLI without creating a rule.
  • [SUM-7672] Added the ability to export settings via scp
  • [SUM-7203] Developed and released UserGate Client - software for Microsoft Windows that allows you to remotely control user computers using a local firewall, taking into account compliance requirements and providing VPN access with support for the IKEv1 and IKEv2 protocols.
  • [SUM-3349] Added support for the IKEv2 protocol with the ability to authenticate using certificates or login/password (EAP-MSCHAP v2).
  • [SUM-4331] Added the ability to use FQDN as the VPN server address in a VPN client rule.
  • [SUM-3560] Added the ability to statically bind an IP address to a VPN user.
  • [SUM-6775] Added VPN Split tunneling function for UserGate Client end devices.

UserGate 7.0.1 (build 7.0.1.1022R, 04.12.2023).

Сhanges in new version:

  • [UGDNS-20701] Fixed an error connecting to the server when trying to scroll through the list of IP addresses.
  • [UGDNS-20943] Fixed an error that occurred when creating a backup using standard tools.
  • [UGDNS-21006] Reduced the time to switch the Master role in a failover cluster.
  • [UGDNS-21013] The PBR rule settings in the cluster are not applied correctly if the rule uses the gateway of another node.
  • [UGDNS-21052] Fixed an issue with handling large email attachments.
  • [UGDNS-21372] Fixed the mechanism for forcing network ports to be disabled on C150 devices.
  • [UGDNS-21315] Fixed a bug in the ARM version update mechanism, which could lead to the device not working.
  • [UGDNS-20947] Fixed an error when running the pre-configured 'Webaccess detailed report' report.
  • [UGDNS-21613] Fixed memory leak in BPF module.
  • [UGDNS-22144] Fixed a bug leading to an emergency stop of the system when TLS inspection is enabled and the traffic volume is more than 450 Mbit/sec.
  • [UGDNS-22146] Fixed a bug in the algorithm for determining the next month in monthly operations.
  • [UGDNS-22147] Fixed scripting in NAT rules with PBR type.
  • [UGDNS-22264] Improved performance of antivirus software.

UserGate 7.1.0 (Release Candidat build 7.1.0.1605RC, 16/11/2023).

Сhanges in new version:

  • [UGDNS-4674 ] Added logging of SMTP(S) traffic.
  • [UGDNS-9695 ] Improved search for rules using ipSource, ipDest and user filters.
  • [UGDNS-10672] WAF (Web Application Firewall) functionality has been implemented.
  • [UGDNS-12355] Added restriction of sessions from one IP address.
  • [UGDNS-13043] Added a mechanism to disconnect managed devices from the MC.
  • [UGDNS-13347] Added a timer to automatically close the admin session.
  • [UGDNS-13769] Added the ability to write custom signatures and L7 applications using UASL (UserGate Application and Security Language).
  • [UGDNS-14725] Added the ability to create L2 and L3 bridges simultaneously.
  • [UGDNS-14987] Added the ability to select the required elliptic curve algorithms in SSL inspection profiles.
  • [UGDNS-15167] Added the ability to configure work with an LDAP connector on a non-standard port.
  • [UGDNS-15517] Added UserID functionality for transparent authentication using Active Directory and Syslog logs.
  • [UGDNS-15397] Added dark interface theme.
  • [UGDNS-15960] Added compliance-based access control for end devices with installed UserGate Client software to the network.
  • [UGDNS-16093] Added OSPF monitoring to the web console.
  • [UGDNS-16687] Added an Alias field in the interface properties for working with SNMP.
  • [UGDNS-16918] Added DNS query logging when DNS filtering is enabled.
  • [UGDNS-16931] Improved processing of DNS queries by the IDS module.
  • [UGDNS-17072] Added the ability to control the fastpath module via the CLI.
  • [UGDNS-17216] Added the ability to monitor access to DNS servers via API.
  • [UGDNS-17475] Added the ability to allow individual application traffic.
  • [UGDNS-17591] Added the ability to specify the VPN server address in FQDN and CIDR format.
  • [UGDNS-17881] Added support for SHA-2 family hashing algorithms for SNMP manager authentication.
  • [UGDNS-18093] Added the ability to add sections to favorites and display only these sections in the web interface.
  • [UGDNS-18146] Added the ability to receive Unix system events via TCP and UDP protocols simultaneously.
  • [UGDNS-18253] Added support for client certificate authentication on the Captive portal, web portal, for accessing resources published through a reverse proxy, logging into the web console, and connecting via VPN.
  • [UGDNS-18587] Added VPN Split tunneling feature for UserGate Client end devices.
  • [UGDNS-18775] Enhanced CLI and PMC CLI functionality.
  • [UGDNS-19427] Added the ability to use Unicode characters to specify names and descriptions of rules and objects.
  • [UGDNS-20340] Added logging of emergency conditions of the PAC system in the PMC CLI.
  • [UGDNS-20396] Added support for the IKEv2 protocol with the ability to authenticate using certificates or login/password (EAP-MSCHAP v2).
  • [UGDNS-20484] Added a URL category for blocking resources with neural networks.
  • [UGDNS-20671] Added the ability to run packet capture in the CLI without creating a rule.

UserGate 7.0.1 (hotfix build 7.0.1.1007R, 23/09/2023).

Сhanges in new version:

  • [UGDNS-18036] Fixed error filtering events log entries by user.
  • [UGDNS-19288] Fixed a bug in the CLI that occurred when trying to change the ip address during active ssh sessions.
  • [UGDNS-20298] Improved clock accuracy for the C150 HWA.
  • [UGDNS-20700] Fixed a bug that occurred when importing a configuration using geoip.
  • [UGDNS-20782] Fixed problems with video content loading when SSL inspection is enabled.
  • [UGDNS-20793] Fixed an error in determining the default gateway when rebooting or switching a cluster.
  • [UGDNS-20939] Improved system stability when SSL inspection and IDS are enabled simultaneously.

UserGate 7.0.1 (hotfix build 7.0.1.989R, 31/08/2023).

Сhanges in new version:

  • [UGDNS-17874] Fixed a problem where operations with groups for a local user already authorized by IP address lead to violation of authorization.
  • [UGDNS-18599] Fixed the forming of traffic on the upstream device when creating several VRFs and routing between them.
  • [UGDNS-19074] Fixed HSC front panel functionality.
  • [UGDNS-19148] Fixed problem with loss of interface settings changes after reboot. 
  • [UGDNS-19199] Fixed configuration with Cloud-init.  
  • [UGDNS-19312] Fixed a bug where accessing updated URL lists using the https protocol results in the "BADCERT_NOT_TRUSTED" message.  
  • [UGDNS-19326] Fixed problems with video content loading when SSL inspection is enabled.
  • [UGDNS-19950] Fixed a bug that occurred when editing the "neighbor" BGP in VRF in the not default Event Log.
  • [UGDNS-20275] Fixed C150 HSC crash that occurred after update.
  • [UGDNS-20315] Fixed the deleting of network zone access control and firewall rules from database.
  • [UGDNS-20376] Fixed incorrect import of SNMP configuration from version 6, which causes the error "Error connecting to the server".
  • [UGDNS-20486] Fixed OSPF metrics update when OSPF enabled on Active-Passive HA cluster slave node. 
  • [UGDNS-20579] Improved system stability for C100 platform.
  • [UGDNS-20599] Fixed problem with authentication by certificate on reverse proxy if user is specified in the rule.
  • [UGDNS-20709] Fixed errors that occurred when re-requesting synchronization from NGFW if the configuration generation on the MC takes a long time. 

UserGate 7.0.1 (hotfix build 7.0.1.949R, 02/08/2023).

Сhanges in new version:

  • [UGDNS-18114] Fixed a bug with "blinking" interfaces when working with bond. 
  • [UGDNS-19040] Fixed TCP socket leak causing memory leak.
  • [UGDNS-19367] Fixed the "ICAP is Down" error that occurrs if ICAP server response sent in multiple packets. 
  • [UGDNS-19911] Fixed VPN disconnect issues caused by incorrect VPN client responses to DPD packets. 
  • [UGDNS-19916] Changed the order of selecting the synchronization interface in the failover cluster. The interface marked "Cluster" in the failover cluster properties now takes precedence.
  • [UGDNS-20248] Fixed the problem that caused the C150 device to become inoperable after restoring a backup made earlier by regular means.

UserGate 7.0.1 (hotfix build 7.0.1.905R, 05/07/2023).

Сhanges in new version:

  • [UGDNS-16989] Fixed problem with processing some specific requests over reverse proxy.
  • [UGDNS-18553] Fixed the behavior of SSL inspection rules with Decrypt and forward action.
  • [UGDNS-18663] Fixed incorrect working of ICAP in load balancing mode.
  • [UGDNS-18726] Fixed incorrect operation of the mechanism for transferring Url lists from the Management Center.
  • [UGDNS-18992] Fixed non-optimal distribution of interrupts between interfaces under high load.
  • [UGDNS-19180] Added support for L2 HA cluster.
  • [UGDNS-19265] Fixed an issue where the system might crash on boot on VMWare platform.
  • [UGDNS-19276] Fixed multiple errors in configuration import via API.
  • [UGDNS-19367] Fixed the ICAP is Down error that occurrs if ICAP server response sent in multiple packets.

UserGate 7.0.1 Release (build 7.0.1.826R, 27/04/2023).

Сhanges in new version:

  • Absolutely new version of UGOS. Lightweight and specially designed for high loaded purposes.
  • Added support for new UserGate appliances based on new CPU architectures - UserGate C150, X10.
  • New high performance IDPS engine which allows to create a custom signatures (in future versions).
  • Added cloud-init support.
  • Added ability to use Terraform in cloud init for deploying in VMware vSphere.
  • Introduced UserGate Policy Language (UPL) which is used for defining of security policies from CLI.
  • Absolutely new CLI, which allows to manage every settings of device from a CLI.
  • Added new CLI commands for diagnosis and troubleshooting.
  • Added CLI commands for ARP table managing.
  • Added hit counters for firewall rules.
  • Added ability to dump ingress and egress network traffic.
  • Added ability to send decrypted TLS traffic to external systems (SSL tap).
  • Added ability to save traffic for triggered IDPS events.
  • Added ability to scan encrypted TLS traffic by IDPS engine.
  • Added ability for inspecting of tunnels - GRE, GTP-U and IPSec with no encryption.
  • Added ability to show blocking page over https.
  • Added additional validation checks for software updates and security update.
  • Added ability to create system backup (snapshot) online.
  • Added ability to roll back software updates.
  • Added support for a nested groups of IP addresses.
  • Added support for a nested groups of services.
  • Added partial support for VMWare tools.
  • Added support for QEMU Guest Agent.
  • Added ability to monitor disk I/O utilization via SNMP.
  • New licensing platform.
  • Added support for RestAPI.
  • Added support for LLDP protocol.
  • Improved stability with handling of large number of vlans.
  • Improved security by enabling IOMMU.

UserGate 7.0.0 Release Candidate (build 7.0.0.735RC, 01/09/2022).

Сhanges in new version:

  • Absolutely new version of UGOS. Lightweight and specially designed for high loaded purposes.
  • Added support for new UserGate appliances based on ARM CPU - UserGate C150, X10.
  • New high performance IDPS engine which allows to create a custom signatures (in future versions).
  • Added cloud-init support.
  • Introduced UserGate Policy Language (UPL) which is used for defining of security policies from CLI.
  • Absolutely new CLI, which allows to manage every settings of device from a CLI.
  • Added new CLI commands for diagnosis and troubleshooting.
  • Added hit counters for firewall rules.
  • Added ability to dump ingress and egress network traffic.
  • Added ability to send decrypted TLS traffic to external systems (SSL tap).
  • Added ability to save traffic for triggered IDPS events.
  • Added ability to scan encrypted TLS traffic by IDPS engine.
  • Added ability for inspecting of tunnels - GRE, GTP-U and IPSec with no encryption.
  • Added ability to show blocking page over https.
  • Added additional validation checks for software updates and security update.
  • Added ability to create system backup (snapshot) online.
  • Added ability to roll back software updates.
  • Added support for a nested groups of IP addresses.
  • Added support for a nested groups of services.
  • Added partial support for VMWare tools.
  • New licensing platform.
  • Added support for RestAPI.
  • Added support for LLDP protocol.
  • Improved stability with handling of large number of vlans.
  • Improved security by enabling IOMMU.