With 7.004 the HTTP Proxy performance for large downloads will be improved, several eDirectory issues fixed and some other smaller problems solved. Read on for a more detailed description.
Main topics in 7.004
- Several issues concerning Novells eDirectory authentication get addressed. Most of them cover problems in large installations where the authentication via eDirectory becomes very slow or fails. This is often due to a fallback to standard mode or problems accessing certain objects in the eDirectory (e.g., containers).
- The behavior of the HTTP Proxy for handling large objects changes. Prior to this Up2Date, all objects were stored in memory, which can overload especially small machines when downloading large files such as ISO images. Also downloads may be interrupted by the selfmonitoring subsystem responsible for restarting the HTTP Proxy if a regular response/load check fails. Now the HTTP Proxy stores larger downloads on disk, which will reduce the memory consumption and improve the overall performance. The HTTP Proxy now also supports Active Directory authentication in cluster mode.
- For SMTP Proxy some small issues such as the missing hostname in the banner greeting, problems with special characters with smarthost authentication, a possible loop while rescanning a message and a possible error while scanning e-mails in HA mode are addressed.
- SSL VPN users having special characters in their certificate can now establish VPN connections to the ASG.
- An issue in the IP counting subsystem (part of the licensing mechanism) concerning the detection of ARP requests and portscans as valid IP addresses is fixed.
- Some users of the ASG 425 already using V7 and who started with an early image (7.000) may experience a mix up of the NIC ordering after applying Up2Date 7.003. The original state gets restored with this Up2Date.
- Smaller fixes concerning the Executive Report, NTP (time syncronisation), Additional IPs on interfaces (Alias interfaces), DHCP Server on VLAN interfaces and the reporting subsystem are also included.
ASG V6 backup import
The release of the ASG V6 backup import function has been postponed for 7.005 due to ongoing QA tests. This function is planned for release at the end of May in combination with the ASG V6 appliance upgrade kit. If you require assistance in migrating a V6 installation before this time, please contact your local certified Partner or Astaro support directly.
Up2Date 7.004
Remarks:
- Middleware will be restarted
- Active IP and VPN connections will be restarted
- Existing configuration will not be changed
News:
- Improved HTTP Proxy performance for large downloads
- Fixed PPTP Server Vulnerability CVE-2007-0244
Bugfixes:
Fix [5535]: Font rendering of Executive Report in Outlook 2007 faulty
Fix [5659]: SMTP Banner does not show hostname
Fix [5667]: SSL VPN doesn't work with special characters in certificates
Fix [5671]: eDirectory does not allow to use eDirectory containers in backend groups
Fix [5685]: Traffic graphs still appear in reporting after deleting interfaces
Fix [5735]: Wrong definition of the NTP service
Fix [5756]: DHCP server may serve wrong IPs on VLANs
Fix [5782]: Automatic cleanup of Quarantine Manager not working correctly
Fix [5788]: eDirectory authentication for several users fails
Fix [5790]: SSL client package should install Windows service
Fix [5804]: Special characters not possible in smarthost authentication
Fix [5845]: Active directory authentication does not work on cluster
Fix [5876]: IPSec Roadwarrior Connection not counted in Dashboard view
Fix [5895]: SSL VPN does not check user certificate
Fix [5947]: Executive report shows blank blocked categories
Fix [5951]: Cache size for HTTP Proxy (squid) too small
Fix [5959]: Time not synced via NTP in automatic HA mode
Fix [6094]: MySQL may stop working after time change
Fix [6098]: IP counting for licensing is too strict
Fix [6103]: Empty Source network breaks HTTP proxy profile config
Fix [6148]: Empty hostname for DNS host cause system lockup
Fix [6215]: HA System reports “Error while scanning a message in database”
Fix [6222]: IP rule for IPsec site-to-site remote network missing
Fix [6255]: ASG 425 interface problem after Up2Date to version 7.003
Download Information
All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. There are two ways to apply an Up2Date package to the system:
- Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
- Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 397371f112f5ded45a2979bbcd966064 Size : 49,028,212 bytes)
Please note: because of a missing restart of the authentication mechanism (AUA) during the Up2Date process some customer experienced problems with authentication of SSL connections. We reloaded the Up2Date and added a restart of AUA (and changed nothing else). If you already installed 7.004 and experience problems with SSL VPN, please reboot the ASG – that will fix the issue. We excuse for the inconvenience caused by this problem!
HTTP: Astaro US – Astaro US2 – Astaro Germany – Astaro Germany2 – Australian Mirror – Austria Mirror – Japanese Mirror
FTP: Astaro US – Astaro US2 – Astaro Germany – Astaro Germany2 – Australian Mirror – Austria Mirror – Japanese Mirror
Feedback
If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. “[7.004] Auto-Backup question”).
There is also a demo server to check the new GUI: http://demo.astaro.com
Your Astaro R&D team
Â
You Can Learn More About the Astaro Internet Security Product Line By Going to www.FirewallShop.com/Astaro.
The original article/video can be found at Up2Date 7.004 released [Middle]