UserGate 7.2.0 (build 7.2.0.70211R, 29.11.2024).
Сhanges in new version:
- [FW-518] Added support for FG platform.
- [SUM-0001] Improved performance when working with certain types of network cards based on Intel chips.
- [SUM-0002] Improved performance of working with rules.
- [SUM-10060] Fixed the 'show settings fastpath' command.
- [SUM-10063] Improved processing speed of FW rules, with a large number of rules.
- [SUM-10072] Fixed a bug in the synchronization mechanism when synchronizing a large number of IP addresses.
- [SUM-10120] Added the ability to display and reset authorized users.
- [SUM-10152] Fixed VPN error when using the key update mechanism when the data volume is exceeded.
- [SUM-10179] Fixed handling of subnet prefix ranges in BGP settings.
- [SUM-10280] Improved UPL handler.
- [SUM-10316] Fixed reverse proxy.
- [SUM-10323] Fixed a bug related to the unavailability of PCAP files for downloading.
- [SUM-10349] Fixed IKEv2 VPN operation if the server rule specifies a local group with LDAP users.
- [SUM-10405] Fixed explicit proxy working after reboot.
- [SUM-10426] Improved VPN connection stability.
- [SUM-10445] Fixed unsplit cluster after update.
- [SUM-10455] Fixed a bug to incorrect password updating in the PPPoE settings.
- [SUM-10463] Fixed the operation of SNMP rules after the update.
- [SUM-10494] Implemented functionality for flexible management of the lifetime of LDAP cache entries.
- [SUM-10562] Fixed operation of DHCP relay via tunnel/gre interface.
- [SUM-10578] Fixed search by service ports.
- [SUM-10583] Fixed the operation of an explicit proxy with reverse traffic during a GET request.
- [SUM-10599] Fixed bug in importing alert rules from version 6.1.9.
- [SUM-10615] Fixed a bug due to which simultaneous connections via ssh were not possible.
- [SUM-10752] Fixed memory leak in http_client module.
- [SUM-10834] Added 'Eternal' IP address blocking item to IDPS signatures.
- [SUM-10874] Improved checking of firewall rules in the API so that incorrect values do not break the search.
- [SUM-10909] The IPSec/L2TP connection has been stabilized after the phase 1 update.
- [SUM-10955] Added a new UserID agent that is installed on the domain controller or Windows WEC server and forwards information to the UserID collector via the syslog protocol.
- [SUM-10981] Fixed the process of processing connections to the CLI.
- [SUM-10983] Fixed the operation of transparent authentication when publishing through the web portal of the MS Exchange server.
- [SUM-10998] Fixed a bug leading to the disappearance of interfaces that do not belong to the default virtual router.
- [SUM-11028] Fixed VPN (IPSec) operation after the phase 1 key has expired.
- [SUM-11084] Fixed a settings conflict when a user connects first via IKEv2, and then via IKEv1.
- [SUM-11171] Optimized system performance with a large number of rules (>10000).
- [SUM-11172] Fixed errors that occurred when importing a configuration where Cyrillic was used in the interface description.
- [SUM-11174] Fixed operation of the authentication module when simultaneously authenticating users via UserID and terminal agent.
- [SUM-11197] Fixed the inability to change the interface type from L3 to Mirror in the web interface.
- [SUM-11229] Fixed 'show user-auth' command working with RADIUS users.
- [SUM-11286] Fixed traffic marking by user in case of VPN Site-to-Site.
- [SUM-11290] Changed the default message size value in Example ICAP Server from 0 to 512kb.
- [SUM-11316] Fixed import of tunnel VPN interfaces.
- [SUM-11327] Fixed a bug in the UASL handler, which could lead to violation of signature trigger conditions.
- [SUM-11350] Fixed the operation of the L7 signature filter for the 'Category' field.
- [SUM-11431] Fixed the operation of content filtering rules after a connection timeout error with the LDAP server occurs.
- [SUM-11469] Fixed disappearance of bond type interfaces when updating.
- [SUM-11567]
- [SUM-11606] Fixed configuration import.
- [SUM-11705] Fixed problem with launching the VPN client.
- [SUM-11755] Fixed an error when synchronizing between UGMC and NGFW a template with a CA certificate.
- [SUM-11786] Fixed VPN authentication (IKEv2) via RADIUS.
- [SUM-11804] Fixed the construction of histograms in the dashboard.
- [SUM-11842] Fixed display of tunnel interface traffic in the dashboard.
- [SUM-11880] Added adjustment of the rotation speed of the C150 cooling fan depending on the temperatures
- [SUM-11925] Reduced the delay between authenticating a user and allowing traffic to move from that user.
- [SUM-11990] Fixed work of restrictions on search paths in the LDAP authentication server.
- [SUM-12038] Fixed the work of the ssh service with the MobaXterm client.
- [SUM-12082] Fixed long switching of the 'master' role in a failover cluster in manual mode.
- [SUM-12112] Fixed mechanism for importing network settings from later versions.
- [SUM-12115] Added the ability to hide the license key for cloud solutions.
- [SUM-12238] Fixed login to the Web portal as a local user via TOTP.
- [SUM-12505] Fixed problem with updating URL lists.
- [SUM-12508] Fixed a bug that made it impossible to edit the UserID settings received from the MS after deleting the template.
- [SUM-12823] Fixed problem with importing network configuration to backup cluster node.
- [SUM-12851] Fixed problem with incorrect loopback interfaces restoration from exported config.
- [SUM-12868] Fixed crash of DHCP proxy when configured on more than 4 different interfaces and receiving 'DHCPDISCOVER'.
- [SUM-12881] Fixed problem with disappearing of virtual IP address after updating to 7.2.0 version.
- [SUM-13035] Fixed problem with updating UGMC from previous versions to 7.2.0.
- [SUM-13080] Fixed problem with scroll bar in L7 application profiles.
- [SUM-13119] Fixed problem with loss of cli over ssh access after upgrading from 7.1.2 to 7.2.0.
- [SUM-13154] Fixed problem which happens in some cases when importing configuration from version 7.0.1.
- [SUM-1877] Added ability to use SNMP Proxy with VRF.
- [SUM-5074] The mechanism for assigning zones to a PPPoE interface has been fixed.
- [SUM-7676] Fixed errors in displaying information in tables after manipulating them.
- [SUM-8786] Fixed determination of the destination zone in the case of an explicit proxy.
- [SUM-8845] Added RADIUS sensor for UserID.
- [SUM-8862] Fixed PBR rules working with ICMP Echo-Reply.
- [SUM-8946] Fixed the passage of multicast and broadcast traffic through the L3 Bridge type interface.
- [SUM-8947] Fixed incorrect display of mime-type in logs.
- [SUM-9080] Added more detailed error messages when creating a backup.
- [SUM-9191] Fixed packet loss in L2 bridge mode.
- [SUM-9247] Fixed problem with incorrect import of port-forwarding rules from previously created config.
- [SUM-9362] Fixed the GUI when trying to create a UserID sharing profile.
- [SUM-9373] Fixed an error in the synchronization mechanism between cluster nodes after the connection between them is broken.
- [SUM-9545] Fixed display of blocked IDPS addresses on the Monitoring page.
- [SUM-9578] Fixed an error in saving and synchronizing ME rules between cluster nodes when using nested lists.
- [SUM-9741] Fixed display of information on widgets in the Dashboard.
- [SUM-9809] Fixed work of signatures with .header parameters.
- [SUM-9882] Fixed OSPF error when specifying priority 0.
UserGate 7.2.0 (build 7.2.0.60375R, 07.11.2024). Revoked
Сhanges in new version:
- [FW-518] Added support for FG platform.
- [SUM-0001] Improved performance when working with certain types of network cards based on Intel chips.
- [SUM-0002] Improved performance of working with rules.
- [SUM-10060] Fixed the 'show settings fastpath' command.
- [SUM-10063] Improved processing speed of FW rules, with a large number of rules.
- [SUM-10120] Added the ability to display and reset authorized users.
- [SUM-10152] Fixed VPN error when using the key update mechanism when the data volume is exceeded.
- [SUM-10179] Fixed handling of subnet prefix ranges in BGP settings.
- [SUM-10280] Improved UPL handler.
- [SUM-10316] Fixed reverse proxy.
- [SUM-10323] Fixed a bug related to the unavailability of PCAP files for downloading.
- [SUM-10349] Fixed IKEv2 VPN operation if the server rule specifies a local group with LDAP users.
- [SUM-10405] Fixed explicit proxy working after reboot.
- [SUM-10426] Improved VPN connection stability.
- [SUM-10445] Fixed unsplit cluster after update.
- [SUM-10455] Fixed a bug to incorrect password updating in the PPPoE settings.
- [SUM-10463] Fixed the operation of SNMP rules after the update.
- [SUM-10494] Implemented functionality for flexible management of the lifetime of LDAP cache entries.
- [SUM-10562] Fixed operation of DHCP relay via tunnel/gre interface.
- [SUM-10578] Fixed search by service ports.
- [SUM-10583] Fixed the operation of an explicit proxy with reverse traffic during a GET request.
- [SUM-10599] Fixed bug in importing alert rules from version 6.1.9.
- [SUM-10615] Fixed a bug due to which simultaneous connections via ssh were not possible.
- [SUM-10752] Fixed memory leak in http_client module.
- [SUM-10834] Added 'Eternal' IP address blocking item to IDPS signatures.
- [SUM-10874] Improved checking of firewall rules in the API so that incorrect values do not break the search.
- [SUM-10909] The IPSec/L2TP connection has been stabilized after the phase 1 update.
- [SUM-10955] Added a new UserID agent that is installed on the domain controller or Windows WEC server and forwards information to the UserID collector via the syslog protocol.
- [SUM-10981] Fixed the process of processing connections to the CLI.
- [SUM-10983] Fixed the operation of transparent authentication when publishing through the web portal of the MS Exchange server.
- [SUM-10998] Fixed a bug leading to the disappearance of interfaces that do not belong to the default virtual router.
- [SUM-11028] Fixed VPN (IPSec) operation after the phase 1 key has expired.
- [SUM-11084] Fixed a settings conflict when a user connects first via IKEv2, and then via IKEv1.
- [SUM-11171] Optimized system performance with a large number of rules (>10000).
- [SUM-11172] Fixed errors that occurred when importing a configuration where Cyrillic was used in the interface description.
- [SUM-11174] Fixed operation of the authentication module when simultaneously authenticating users via UserID and terminal agent.
- [SUM-11197] Fixed the inability to change the interface type from L3 to Mirror in the web interface.
- [SUM-11229] Fixed 'show user-auth' command working with RADIUS users.
- [SUM-11286] Fixed traffic marking by user in case of VPN Site-to-Site.
- [SUM-11290] Changed the default message size value in Example ICAP Server from 0 to 512kb.
- [SUM-11316] Fixed import of tunnel VPN interfaces.
- [SUM-11327] Fixed a bug in the UASL handler, which could lead to violation of signature trigger conditions.
- [SUM-11350] Fixed the operation of the L7 signature filter for the 'Category' field.
- [SUM-11431] Fixed the operation of content filtering rules after a connection timeout error with the LDAP server occurs.
- [SUM-11469] Fixed disappearance of bond type interfaces when updating.
- [SUM-11567] Fixed import of Mangement zone from versions 6.1.9.
- [SUM-11606] Fixed configuration import.
- [SUM-11755] Fixed an error when synchronizing between UGMC and NGFW a template with a CA certificate.
- [SUM-11786] Fixed VPN authentication (IKEv2) via RADIUS.
- [SUM-11842] Fixed display of tunnel interface traffic in the dashboard.
- [SUM-11880] Added adjustment of the rotation speed of the C150 cooling fan depending on the temperatures
- [SUM-11925] Reduced the delay between authenticating a user and allowing traffic to move from that user.
- [SUM-11990] Fixed work of restrictions on search paths in the LDAP authentication server.
- [SUM-12038] Fixed the work of the ssh service with the MobaXterm client.
- [SUM-12082] Fixed long switching of the 'master' role in a failover cluster in manual mode.
- [SUM-12112] Fixed mechanism for importing network settings from later versions.
- [SUM-12115] Added the ability to hide the license key for cloud solutions.
- [SUM-12238] Fixed login to the Web portal as a local user via TOTP.
- [SUM-12508] Fixed a bug that made it impossible to edit the UserID settings received from the MS after deleting the template.
- [SUM-1877] Added ability to use SNMP Proxy with VRF.
- [SUM-5074] The mechanism for assigning zones to a PPPoE interface has been fixed.
- [SUM-7676] Fixed errors in displaying information in tables after manipulating them.
- [SUM-8786] Fixed determination of the destination zone in the case of an explicit proxy.
- [SUM-8845] Added RADIUS sensor for UserID.
- [SUM-8862] Fixed PBR rules working with ICMP Echo-Reply.
- [SUM-8946] Fixed the passage of multicast and broadcast traffic through the L3 Bridge type interface.
- [SUM-8947] Fixed incorrect display of mime-type in logs.
- [SUM-9080] Added more detailed error messages when creating a backup.
- [SUM-9191] Fixed packet loss in L2 bridge mode.
- [SUM-9362] Fixed the GUI when trying to create a UserID sharing profile.
- [SUM-9373] Fixed an error in the synchronization mechanism between cluster nodes after the connection between them is broken.
- [SUM-9545] Fixed display of blocked IDPS addresses on the Monitoring page.
- [SUM-9741] Fixed display of information on widgets in the Dashboard.
- [SUM-9809] Fixed work of signatures with .header parameters.
- [SUM-9882] Fixed OSPF error when specifying priority 0.
UserGate 7.1.2 (build 7.1.2.33025R, 27.08.2024).
Сhanges in new version:
- [SUM-10022] Fixed work of DHCP-relay with VLAN type interfaces.
- [SUM-10087] Fixed problem with disabling IKEv1 L2TP in VPN security profile.
- [SUM-10104] Fixed RDP operation via the Web portal.
- [SUM-10120] Added functionality to the CLI for viewing and clearing a user authentication session by username and IP address.
- [SUM-10149] Memory consumption has been optimized when working intensively with storage devices.
- [SUM-10151] Fixed a memory leak related to incorrect rotation of NGFW logs.
- [SUM-10199] Fixed incorrect operation of BGP after the update.
- [SUM-1023] Fixed interface errors in the 'Trace rules' item.
- [SUM-10237] Fixed error when importing configuration from version 6.1.9.
- [SUM-10249] The functioning of the mechanism for deleting a Captive portal rule has been fixed.
- [SUM-10290] Optimized memory consumption by statistics module.
- [SUM-10430] Improved ITS scanning performance in 'intelligent mode' by more than 20%.
- [SUM-10451] Fixed display of the 'Services' list after updating and importing the configuration.
- [SUM-10455] Fixed a bug to incorrect password updating in the PPPoE settings.
- [SUM-10469] Fixed display of the default virtual router in the interface properties.
- [SUM-10487] Added support for Cyrillic in TACACS keys.
- [SUM-10517] Fixed application of settings when setting up OSPF for the first time via the CLI.
- [SUM-10534] Fixed memory leak when using UserID.
- [SUM-10645] Fixed the triggering of the action of the Porotol type specified in the signature, in the case when there are two associated L7 signatures of the Protocol and Application types.
- [SUM-10661]
- [SUM-10739] Fixed disappearance of URL lists in FW rules when synchronizing cluster nodes.
- [SUM-10996] Fixed an error in the operation of cluster VPN interfaces after the update.
- [SUM-11015] Fixed configuration import from version 6.1.9.
- [SUM-11035]
- [SUM-14] Fixed the operation of a transparent proxy server with a session close signal from the server.
- [SUM-2686] Fixed the search mechanism for nested lists.
- [SUM-4984] Fixed the operation of static DNS records after importing the configuration.
- [SUM-7373] Added check for node selection when importing settings.
- [SUM-7885] Added display of all rule objects in a cell of the main table.
- [SUM-8173] Fixed the mechanism for redirecting to a custom blocking page in content filtering rules.
- [SUM-8227] Changed the logic for downloading library updates when entering a product license. A schedule for automatic library downloads is created only for core security libraries. The user configures the update schedule for other libraries independently if necessary.
- [SUM-8271] Improved stability of UGOS.
- [SUM-8460] Fixed a bug in parsing a multi-line response in a transparent proxy in the pop3 and pop3s protocols in a transparent proxy.
- [SUM-8797] Fixed ICAP rules working with the Content-Type field.
- [SUM-8911] The logic for checking the status of the ICAP server has been changed.
- [SUM-8964] Added handling of non-standard behavior of some email clients.
- [SUM-8998] Fixed TOTP operation when user login contains more than 9 characters.
- [SUM-9025] Fixed a bug leading to session termination when using an ICAP balancer.
- [SUM-9103] Fixed the 'source IP' parameter in content filtering rules after the update.
- [SUM-9106] Optimized the work of IDS with NFS.
- [SUM-9191] Fixed packet loss in L2 bridge mode.
- [SUM-9229] Fixed an error when saving changes to templates containing the same objects.
- [SUM-9262] Fixed creating an authentication profile from the user creation dialog.
- [SUM-9280] The mechanism for checking the availability of gateways with different VRFs has been fixed.
- [SUM-9316] Fixed the inability to save a content filtering rule when adding several domain groups to it.
- [SUM-9321] Fixed the filter in the IDPS profile based on the action field.
- [SUM-9324] Fixed creation of nested lists containing large lists.
- [SUM-9326] Added check for using the list in zones before deleting.
- [SUM-9344] Fixed display of authentication profile in administrator properties.
- [SUM-9354] Fixed the 'Don't remind me about this update' flag.
- [SUM-9375] Fixed configuration backup rules.
- [SUM-9416] Added connection control for native VPN clients.
- [SUM-9471] The ability to import a file with network settings through the interface for importing all settings is blocked.
- [SUM-9497] Fixed the work of API functions for deleting and adding signatures.
- [SUM-9560] Fixed the 'destination address' condition in content filtering rules for explicit proxy when SSL inspection is enabled.
- [SUM-9603] Fixed the operation of the SNMP request when specifying a destination IP address to an interface belonging to Loopback.
- [SUM-9628] Added support for Proxy domain names containing two or more dash characters.
- [SUM-9639] Fixed the configuration import mechanism in the cluster.
- [SUM-9706] Fixed reverse proxy working with register when replacing path.
- [SUM-9707] Increased DoS protection thresholds when creating new zones.
- [SUM-9709] Optimized disk space usage for KERBEROS authentication.
- [SUM-9746] Fixed an error that occurred on the rules page when there were a large number of content filtering rules with domain users.
- [SUM-9848] Optimized the use of computing resources by the IDPS mechanism.
- [SUM-9887] Added the ability to copy DSCP labels from an internal packet to an external one, for tunnels such as GRE, IPIP, VXLAN.
- [SUM-9930] Fixed an erroneous mode change in the VPN Server Security Profile when upgrading from previous versions.
- [SUM-9933] Added a 'Do Not Use' marker for the 'VPN Networks' and 'Authentication Profile' fields in the 'VPN Server Rules' window, for use in cases where these fields are not used.
UserGate 7.1.1 (build 7.1.1.12162R, 24.06.2024).
Сhanges in new version:
- [SUM-141] Fixed a bug where the gateway in the properties of which the interface is selected as 'Automatic' may not work.
- [SUM-2804] Fixed VRF operation during external routing.
- [SUM-3] Fixed IPsec connection phase 1 rekeying initiated by VPN server.
- [SUM-4926] Fixed an error occurred when viewing the HA cluster status in CLI if one of the nodes was unavailable.
- [SUM-5069] Fixed errors when several traffic shaping rules were running simultaneously using scenarios with a trigger condition based on traffic limit.
- [SUM-5128] Fixed incorrect assignment of metrics to routes in OSPF on the passive node of the Active-Passive HA cluster when updating router settings.
- [SUM-7243] Fixed operation of ICAP rules when redirecting and balancing traffic to an ICAP servers farm.
- [SUM-7293] Fixed problem with establishing a VPN connection if the received packet contains more than two NAT-D payloads.
- [SUM-7327] Fixed incorrect triggering of related signatures.
- [SUM-7377] Fixed display of the applied L7 application signature action in the traffic log.
- [SUM-7803] Fixed the operation of the user group condition in PBR rules.
- [SUM-7916] Fixed MC-NGFW synchronization of firewall rules using IDPS profile after the objects were deleted in MC.
- [SUM-8069] Fixed continuous output of SSH server errors to the C150 console.
- [SUM-8091] Fixed the operation of DHCP Relay if the DHCP server is located on a network other than the Relay Agent interface.
- [SUM-8105] Fixed a bug that made it impossible to add a filter when creating a Syslog UserID agent.
- [SUM-8229] Fixed the operation of PBR rules that use user groups in their properties.
- [SUM-8254] Fixed operation of bandwidth limit rules when using the 'user' parameter.
- [SUM-8265] Fixed LLDP operation on E1000 and F8000 platforms with UG-NCS225 and UG-NCS410 modules installed.
- [SUM-8284] Fixed a bug causing VPN sessions to break when switching the 'Master' role in a failover cluster.
- [SUM-8296] Fixed periodic failure of synchronization between cluster nodes.
- [SUM-8372] Fixed a violation of the availability of cluster nodes when clicking the 'force apply' button in the list of FW rules.
- [SUM-8400] Fixed SAN encoding when generating CSR.
- [SUM-8422] Fixed interfaces loss on HSC when a copper SFP transceiver module used.
- [SUM-8470] Fixed incorrect assignment of metrics in the Active-Passive cluster when redistributing routes in OSPF.
- [SUM-8473] Fixed processing of lists supplied with a product if they are included in custom ones.
- [SUM-8515] Fixed the mechanism for changing the order of rules.
- [SUM-8516] Fixed import of reverse proxy rules from earlier versions.
- [SUM-8535] Fixed renaming of nested lists.
- [SUM-8544] Fixed errors importing configuration from older versions that resulted in the web console being unavailable.
- [SUM-8552] Fixed the work of VPN widgets in the dashboard.
- [SUM-8562] Fixed an error when importing network settings into an NGFW cluster, which resulted in a 'Error connecting to the server'.
- [SUM-8581] Fixed the 'iface-mode manual' command.
- [SUM-8612] Fixed VPN client security profiles incorrect import from 6.1.x and 7.0.x versions.
- [SUM-8627] Fixed import of BGP configuration that uses BFD profiles.
- [SUM-8645] The logic of how configuration export rules work in a cluster has been changed. Now the rules are individual for each node.
- [SUM-8705] Fixed creation of multiple users on the guest portal.
- [SUM-8729] Fixed the mechanism for deleting tags in ME rules.
- [SUM-8731] Fixed the filter by FW rule tags in the web interface.
- [SUM-8743] Fixed search in widget (dropdown).
- [SUM-8773] Fixed the 'Ignore user list' function when using a mask in a post.
- [SUM-8777] Fixed a bug leading to false messages about overheating on devices like D250.
- [SUM-8797] Fixed ICAP rules working with the Content-Type field.
- [SUM-8808] Fixed DHCP options.
- [SUM-8827] Fixed a bug leading to the loss of identical IP addresses in different VRFs when upgrading from version 7.0.1.
- [SUM-8829] Fixed a bug where the license verification process led to short-term network unavailability on the UserGate node.
- [SUM-8831] Fixed processing issue with application, which can not be matched.
- [SUM-8839] Optimized execution time of the show command when requesting in CLI data with a large number of objects.
- [SUM-8866] Fixed a bug leading to periods of peak CPU load and increased memory consumption.
- [SUM-8950] Fixed MFA by TOTP when connecting via VPN.
- [SUM-8958] Fixed mechanism for importing FW rules using UPL.
- [SUM-8967] Fixed display of reverse proxy servers when there are more than 25 of them.
- [SUM-8990] FTP over HTTP has been fixed.
- [SUM-8995] Fixed the certificate compliance check process for the SSL inspection role.
- [SUM-9015] Fixed installation of https connection via L2 bridge.
- [SUM-9125] Fixed the event log.
- [SUM-9160] Fixed the displaying event log entries about administrators setting update.
- [SUM-9177] Fixed a bug in the logging system that could lead to the loss of log entries after they are rotated.
- [SUM-9227] Fixed routemap in BGP.
- [SUM-9242] Fixed restart of all VPN client rules when one of them is enabled/disabled.
- [SUM-9299] Fixed the operation of client VPN rules when the connection status of the physical interface changes.
- [SUM-9320] Fixed errors occurred when SSL inspection and firewall rules with application profile operate simultaneously.
- [SUM-9544] Fixed a bug where after creating a BGP routemaps filter, the 'Compare by' field cannot be changed.
- [SUM-981] Fixed display of inactive VPN sessions in the VPN section in the Diagnostics and monitoring tab.
UserGate 7.0.1 beta (HotFix build 7.0.1.1052R, 10.06.2024).
Сhanges in new version:
- [SUM-3074] Fixed the operation of an explicit proxy, which led to erroneous termination of connections.
- [SUM-3083] Improved stability of the cluster solution.
- [SUM-3120] Fixed Incorrect operation of the Url list import mechanism.
- [SUM-4962] Fixed the operation of L7 inspection when using FW rules with application groups via UGMC.
- [SUM-5015] Fixed a bug in setting up the logging mechanism, which could lead to the loss of some logs.
- [SUM-7270] Fixed SNMP v2 and v3.
- [SUM-7330] Fixed RDP connections running through the Captive portal.
- [SUM-7397] Removed the ability to export a backup to an SSH server using a login/password pair. Work is only possible using an ssh key.
- [SUM-7586] Fixed BGP over GRE working after rebooting UserGate.
- [SUM-7615] Fixed a bug causing the VPN service to crash on a passive cluster node when transferring the 'master' role.
- [SUM-7641] Fixed incorrect processing of the OPTIONS parameter in ICAP.
- [SUM-7673] Fixed Reverse proxy working with schema identifier.
- [SUM-8281] Fixed a bug where system logs were not downloaded.
- [SUM-8411] Fixed the operation of the Web console after updating the version with dhcp relay enabled.
UserGate 7.0.1 (HotFix build 7.0.1.1051R, 08/04/2024)).
Сhanges in new version:
- [UGDNS-21051] Исправлена работа резервного копирования, после factory reset.
- [UGDNS-21082] Исправлена проблема валидности ключа регистрации временных пользователей после завершения срока его жизни.
- [UGDNS-21614] Устранена причина возникновения предельной нагрузки CPU при использовании списков доменных имен в правилах межсетевого экрана.
- [UGDNS-21739] Стабилизирована работа captive-портала и страницы блокировки после обновления продукта.
- [UGDNS-22024] Добавлена поддержка алгоритма аутентификации sha1 для протокола SNMPv3.
- [UGDNS-22145] Данные TOTP добавлены в конфигурацию резервного копирования.
- [UGDNS-22206] Исправлена ошибочная работа механизма анонсирования BGP.
- [UGDNS-22717] Исправлена утечка памяти в http proxy. Исправлен баг с отправкой неполного тела POST запроса при
- [UGDNS-23198] Исправлена работа ping в CLI на NGFW(c150).
- [SUM-3099] Устранена утечка памяти в модуле SNMP proxy.
- [SUM-3101] Исправлена проблема долгой загрузки, если LDAP-коннектор задан через доменное имя, а не IP-адрес.
- [SUM-3103] Исправлено ошибочное добавление выключенных VLAN интерфейсов в таблицу маршрутизации.
- [SUM-4294] Добавлена возможность исключения подсетей и IP-адресов из рассылки в настройках агентов авторизации и
- [SUM-5048] Исправлен учёт статистики UDP/TCP сессий и снижена нагрузка на дисковый I/O, если в правиле МСЭ включён режим
- [SUM-7788] Исправлена недоступность шлюза после перезагрузки.
- [SUM-219] Improved performance of the RDP protocol via the Web portal.
- [SUM-3180] Added the ability to use environmental conditions (HIP profiles) when used together with UserGate Client.
- [SUM-3191] Added the ability to create Loopback interfaces.
- [SUM-3212] Added BIOS low battery warning for C150 and X10 hardware platforms.
- [SUM-3284] Added support for Bidirectional Forwarding Detection (BFD) in OSPF/BGP.
- [SUM-3349] Added support for authentication using a client certificate on the Captive portal, web portal, for accessing resources published through a reverse proxy, logging into the web console and connecting via VPN.
- [SUM-3352] Added disk load metric to the Dashboard.
- [SUM-3416] Improved functionality of the ping command (MTU control along the traffic path, support for VRF tags).
- [SUM-3449] Added the ability to monitor the availability of DNS servers via API.
- [SUM-3486] Added the ability to use a cascade proxy to provide users with access to the Internet, download updates and register the product.
- [SUM-3551] Added the ability to emergency manage NGFW in case the Management Center is unavailable.
- [SUM-3565] Added setting for automatic termination of the administrative session when inactive.
- [SUM-3574] Added the ability to roll back to a previous version when installing a UGOS update.
- [SUM-3575] Added remote diagnostic mechanisms for devices located in a closed network loop.
- [SUM-3600] Added the ability to create nested groups of IP addresses.
- [SUM-3617] Added support for DHCP option 121.
- [SUM-3668] Added the ability to use lists from libraries, as well as Geo-ip lists in the zone services availability settings.
- [SUM-3685] Added DPD mode selection for client/server security profiles.
- [SUM-4202] Added the ability to select the required elliptic curve algorithms in SSL inspection profiles.
- [SUM-4266] Added the ability to create nested service groups.
- [SUM-4721] Added the ability to configure work with an LDAP connector on a non-standard port.
- [SUM-4783] Added a URL category for blocking resources with neural networks.
- [SUM-4857] Added UserID functionality for transparent authentication using Active Directory and Syslog logs.
- [SUM-5246] Implemented WAF functionality as a release candidate.
- [SUM-5563] Added the ability to display blocking pages via https.
- [SUM-5628] Added limitation of sessions from one IP address.
- [SUM-7687] Added support for temperature stability of C150 and X10 processors.
- [UGDNS-9064] Added the ability to create L2 and L3 bridges simultaneously.
- [SUM-3218] New mechanism for implementing L7 application definition, allowing you to create your own signatures using UserGate Application and Security Language (UASL).
- [SUM-3459] Added OSPF monitoring to the web console.
- [SUM-3598] An improved IDS implementation mechanism that allows you to create your own signatures using UserGate Application and Security Language (UASL).
- [SUM-3616] Improved processing of DNS queries by the IDPS module.
- [SUM-3630] Added the ability to administer blocked from IDPS IP addresses.
- [SUM-3675] Added the ability to select the signatures to use.
- [SUM-4330] Added the ability to check SSL encrypted traffic using IDS if decryption rules are available.
- [SUM-4730] Added the ability to add sections to favorites and display only these sections in the web interface.
- [SUM-4865] The SCADA/APCS functionality is transferred to the IDS mechanism.
- [SUM-4865] The principle of IDS configuration has been changed: IDS rules have been abolished in favor of selecting an IDS profile in the allowing firewall rules. In the IDS profile, you can select an individual action for each signature.
- [SUM-5651] Added the ability to record traffic when ITS signatures are triggered.
- [SUM-3613] The CLI functionality has been expanded compared to version 7.0.
- [SUM-3659] Added command to display PMC operating time in CLI in C150 and X10.
- [SUM-3517] Added the ability to configure IDS using the CLI.
- [SUM-4424] Added new diagnostic, monitoring and troubleshooting capabilities using CLI commands: viewing and resetting interface counters, displaying established sessions, displaying UseGate flow rules.
- [SUM-5571] Added the ability to run packet capture in the CLI without creating a rule.
- [SUM-7672] Added the ability to export settings via scp
- [SUM-7203] Developed and released UserGate Client - software for Microsoft Windows that allows you to remotely control user computers using a local firewall, taking into account compliance requirements and providing VPN access with support for the IKEv1 and IKEv2 protocols.
- [SUM-3349] Added support for the IKEv2 protocol with the ability to authenticate using certificates or login/password (EAP-MSCHAP v2).
- [SUM-4331] Added the ability to use FQDN as the VPN server address in a VPN client rule.
- [SUM-3560] Added the ability to statically bind an IP address to a VPN user.
- [SUM-6775] Added VPN Split tunneling function for UserGate Client end devices.
- [UGDNS-20701] Fixed an error connecting to the server when trying to scroll through the list of IP addresses.
- [UGDNS-20943] Fixed an error that occurred when creating a backup using standard tools.
- [UGDNS-21006] Reduced the time to switch the Master role in a failover cluster.
- [UGDNS-21013] The PBR rule settings in the cluster are not applied correctly if the rule uses the gateway of another node.
- [UGDNS-21052] Fixed an issue with handling large email attachments.
- [UGDNS-21372] Fixed the mechanism for forcing network ports to be disabled on C150 devices.
- [UGDNS-21315] Fixed a bug in the ARM version update mechanism, which could lead to the device not working.
- [UGDNS-20947] Fixed an error when running the pre-configured 'Webaccess detailed report' report.
- [UGDNS-21613] Fixed memory leak in BPF module.
- [UGDNS-22144] Fixed a bug leading to an emergency stop of the system when TLS inspection is enabled and the traffic volume is more than 450 Mbit/sec.
- [UGDNS-22146] Fixed a bug in the algorithm for determining the next month in monthly operations.
- [UGDNS-22147] Fixed scripting in NAT rules with PBR type.
- [UGDNS-22264] Improved performance of antivirus software.
- [UGDNS-4674 ] Added logging of SMTP(S) traffic.
- [UGDNS-9695 ] Improved search for rules using ipSource, ipDest and user filters.
- [UGDNS-10672] WAF (Web Application Firewall) functionality has been implemented.
- [UGDNS-12355] Added restriction of sessions from one IP address.
- [UGDNS-13043] Added a mechanism to disconnect managed devices from the MC.
- [UGDNS-13347] Added a timer to automatically close the admin session.
- [UGDNS-13769] Added the ability to write custom signatures and L7 applications using UASL (UserGate Application and Security Language).
- [UGDNS-14725] Added the ability to create L2 and L3 bridges simultaneously.
- [UGDNS-14987] Added the ability to select the required elliptic curve algorithms in SSL inspection profiles.
- [UGDNS-15167] Added the ability to configure work with an LDAP connector on a non-standard port.
- [UGDNS-15517] Added UserID functionality for transparent authentication using Active Directory and Syslog logs.
- [UGDNS-15397] Added dark interface theme.
- [UGDNS-15960] Added compliance-based access control for end devices with installed UserGate Client software to the network.
- [UGDNS-16093] Added OSPF monitoring to the web console.
- [UGDNS-16687] Added an Alias field in the interface properties for working with SNMP.
- [UGDNS-16918] Added DNS query logging when DNS filtering is enabled.
- [UGDNS-16931] Improved processing of DNS queries by the IDS module.
- [UGDNS-17072] Added the ability to control the fastpath module via the CLI.
- [UGDNS-17216] Added the ability to monitor access to DNS servers via API.
- [UGDNS-17475] Added the ability to allow individual application traffic.
- [UGDNS-17591] Added the ability to specify the VPN server address in FQDN and CIDR format.
- [UGDNS-17881] Added support for SHA-2 family hashing algorithms for SNMP manager authentication.
- [UGDNS-18093] Added the ability to add sections to favorites and display only these sections in the web interface.
- [UGDNS-18146] Added the ability to receive Unix system events via TCP and UDP protocols simultaneously.
- [UGDNS-18253] Added support for client certificate authentication on the Captive portal, web portal, for accessing resources published through a reverse proxy, logging into the web console, and connecting via VPN.
- [UGDNS-18587] Added VPN Split tunneling feature for UserGate Client end devices.
- [UGDNS-18775] Enhanced CLI and PMC CLI functionality.
- [UGDNS-19427] Added the ability to use Unicode characters to specify names and descriptions of rules and objects.
- [UGDNS-20340] Added logging of emergency conditions of the PAC system in the PMC CLI.
- [UGDNS-20396] Added support for the IKEv2 protocol with the ability to authenticate using certificates or login/password (EAP-MSCHAP v2).
- [UGDNS-20484] Added a URL category for blocking resources with neural networks.
- [UGDNS-20671] Added the ability to run packet capture in the CLI without creating a rule.
- [UGDNS-18036] Fixed error filtering events log entries by user.
- [UGDNS-19288] Fixed a bug in the CLI that occurred when trying to change the ip address during active ssh sessions.
- [UGDNS-20298] Improved clock accuracy for the C150 HWA.
- [UGDNS-20700] Fixed a bug that occurred when importing a configuration using geoip.
- [UGDNS-20782] Fixed problems with video content loading when SSL inspection is enabled.
- [UGDNS-20793] Fixed an error in determining the default gateway when rebooting or switching a cluster.
- [UGDNS-20939] Improved system stability when SSL inspection and IDS are enabled simultaneously.
- [UGDNS-17874] Fixed a problem where operations with groups for a local user already authorized by IP address lead to violation of authorization.
- [UGDNS-18599] Fixed the forming of traffic on the upstream device when creating several VRFs and routing between them.
- [UGDNS-19074] Fixed HSC front panel functionality.
- [UGDNS-19148] Fixed problem with loss of interface settings changes after reboot.
- [UGDNS-19199] Fixed configuration with Cloud-init.
- [UGDNS-19312] Fixed a bug where accessing updated URL lists using the https protocol results in the "BADCERT_NOT_TRUSTED" message.
- [UGDNS-19326] Fixed problems with video content loading when SSL inspection is enabled.
- [UGDNS-19950] Fixed a bug that occurred when editing the "neighbor" BGP in VRF in the not default Event Log.
- [UGDNS-20275] Fixed C150 HSC crash that occurred after update.
- [UGDNS-20315] Fixed the deleting of network zone access control and firewall rules from database.
- [UGDNS-20376] Fixed incorrect import of SNMP configuration from version 6, which causes the error "Error connecting to the server".
- [UGDNS-20486] Fixed OSPF metrics update when OSPF enabled on Active-Passive HA cluster slave node.
- [UGDNS-20579] Improved system stability for C100 platform.
- [UGDNS-20599] Fixed problem with authentication by certificate on reverse proxy if user is specified in the rule.
- [UGDNS-20709] Fixed errors that occurred when re-requesting synchronization from NGFW if the configuration generation on the MC takes a long time.
- [UGDNS-18114] Fixed a bug with "blinking" interfaces when working with bond.
- [UGDNS-19040] Fixed TCP socket leak causing memory leak.
- [UGDNS-19367] Fixed the "ICAP is Down" error that occurrs if ICAP server response sent in multiple packets.
- [UGDNS-19911] Fixed VPN disconnect issues caused by incorrect VPN client responses to DPD packets.
- [UGDNS-19916] Changed the order of selecting the synchronization interface in the failover cluster. The interface marked "Cluster" in the failover cluster properties now takes precedence.
- [UGDNS-20248] Fixed the problem that caused the C150 device to become inoperable after restoring a backup made earlier by regular means.
- [UGDNS-16989] Fixed problem with processing some specific requests over reverse proxy.
- [UGDNS-18553] Fixed the behavior of SSL inspection rules with Decrypt and forward action.
- [UGDNS-18663] Fixed incorrect working of ICAP in load balancing mode.
- [UGDNS-18726] Fixed incorrect operation of the mechanism for transferring Url lists from the Management Center.
- [UGDNS-18992] Fixed non-optimal distribution of interrupts between interfaces under high load.
- [UGDNS-19180] Added support for L2 HA cluster.
- [UGDNS-19265] Fixed an issue where the system might crash on boot on VMWare platform.
- [UGDNS-19276] Fixed multiple errors in configuration import via API.
- [UGDNS-19367] Fixed the ICAP is Down error that occurrs if ICAP server response sent in multiple packets.
- Absolutely new version of UGOS. Lightweight and specially designed for high loaded purposes.
- Added support for new UserGate appliances based on new CPU architectures - UserGate C150, X10.
- New high performance IDPS engine which allows to create a custom signatures (in future versions).
- Added cloud-init support.
- Added ability to use Terraform in cloud init for deploying in VMware vSphere.
- Introduced UserGate Policy Language (UPL) which is used for defining of security policies from CLI.
- Absolutely new CLI, which allows to manage every settings of device from a CLI.
- Added new CLI commands for diagnosis and troubleshooting.
- Added CLI commands for ARP table managing.
- Added hit counters for firewall rules.
- Added ability to dump ingress and egress network traffic.
- Added ability to send decrypted TLS traffic to external systems (SSL tap).
- Added ability to save traffic for triggered IDPS events.
- Added ability to scan encrypted TLS traffic by IDPS engine.
- Added ability for inspecting of tunnels - GRE, GTP-U and IPSec with no encryption.
- Added ability to show blocking page over https.
- Added additional validation checks for software updates and security update.
- Added ability to create system backup (snapshot) online.
- Added ability to roll back software updates.
- Added support for a nested groups of IP addresses.
- Added support for a nested groups of services.
- Added partial support for VMWare tools.
- Added support for QEMU Guest Agent.
- Added ability to monitor disk I/O utilization via SNMP.
- New licensing platform.
- Added support for RestAPI.
- Added support for LLDP protocol.
- Improved stability with handling of large number of vlans.
- Improved security by enabling IOMMU.
- Absolutely new version of UGOS. Lightweight and specially designed for high loaded purposes.
- Added support for new UserGate appliances based on ARM CPU - UserGate C150, X10.
- New high performance IDPS engine which allows to create a custom signatures (in future versions).
- Added cloud-init support.
- Introduced UserGate Policy Language (UPL) which is used for defining of security policies from CLI.
- Absolutely new CLI, which allows to manage every settings of device from a CLI.
- Added new CLI commands for diagnosis and troubleshooting.
- Added hit counters for firewall rules.
- Added ability to dump ingress and egress network traffic.
- Added ability to send decrypted TLS traffic to external systems (SSL tap).
- Added ability to save traffic for triggered IDPS events.
- Added ability to scan encrypted TLS traffic by IDPS engine.
- Added ability for inspecting of tunnels - GRE, GTP-U and IPSec with no encryption.
- Added ability to show blocking page over https.
- Added additional validation checks for software updates and security update.
- Added ability to create system backup (snapshot) online.
- Added ability to roll back software updates.
- Added support for a nested groups of IP addresses.
- Added support for a nested groups of services.
- Added partial support for VMWare tools.
- New licensing platform.
- Added support for RestAPI.
- Added support for LLDP protocol.
- Improved stability with handling of large number of vlans.
- Improved security by enabling IOMMU.
включенной NTLM аутентификации на сервере.
терминального сервера.
Log session start.
UserGate 7.1.0 (build 7.1.0.1704R, 02.04.2024).
Сhanges in new version:
UserGate 7.0.1 (build 7.0.1.1022R, 04.12.2023).
Сhanges in new version:
UserGate 7.1.0 (Release Candidat build 7.1.0.1605RC, 16/11/2023).
Сhanges in new version:
UserGate 7.0.1 (hotfix build 7.0.1.1007R, 23/09/2023).
Сhanges in new version:
UserGate 7.0.1 (hotfix build 7.0.1.989R, 31/08/2023).
Сhanges in new version:
UserGate 7.0.1 (hotfix build 7.0.1.949R, 02/08/2023).
Сhanges in new version:
UserGate 7.0.1 (hotfix build 7.0.1.905R, 05/07/2023).
Сhanges in new version:
UserGate 7.0.1 Release (build 7.0.1.826R, 27/04/2023).
Сhanges in new version:
UserGate 7.0.0 Release Candidate (build 7.0.0.735RC, 01/09/2022).
Сhanges in new version: