TrustGate Release 16.2.18025

Release notes for TrustGate version 16.2.18025

Read below or download here.

**************************************************************************** Software Release: Secomea ONS 16.2 build 18025 - public release Release Date: 2017-01-19. **************************************************************************** (c) Copyright 2018, Secomea A/S. All rights reserved. **************************************************************************** **************************************************************************** Scope and product information **************************************************************************** This is Secomea TrustGate release 16.2 build 18025. This release note describes changes since release 16.1 build 17465. Products and firmware codes covered: ------------------------------------------------ TrustGate 60 (AUX) - v1060 TrustGate 61 (AUX) - v1061 TrustGate 62 (DMZ) - V1062 TrustGate 160 - v50 TrustGate 260 - v51 TrustGate 164 - v164 TrustGate 264 - v264 TrustGate 460R - v1460 TrustGate 560R - v1560 TrustGate SoftClient - v43 **************************************************************************** 1. Highlights of this release **************************************************************************** - Install Wizard for TrustGate SoftClient to handle Windows Security patch. - Bug fixes and new features **************************************************************************** 2. New features and improvements **************************************************************************** - Early 2018 Microsoft has released security updates KB4056890 through KB4056899 which cause 64-bit Windows systems to hang when starting TrustGate SoftClient 16.1 and older. Secomea has prepared a new SoftClient installer that will detect the state of your computer and offer choices to automatically patch your computer. The installation Wizard will prompt and guide you through the options to make the computer and TrustGate SoftClient work again. (#9126) For more information, search the Secomea support site for the keyword "meltdown". - Extended SNMP OID list with CPU/Process and memory statistics. (#9033) Added UCD-SNMP-MIB and HOST-RESOURCES-MIB handlers. **************************************************************************** 3. Bug fixes **************************************************************************** - Fixed a potential stack corruption in ACM. (#9119) - Harden XSS checks for various input fields. (#7674) - Fixed issue creating new Firewall Chain. Regression in release 16.1. (#9048) **************************************************************************** 4. Removed or disabled features **************************************************************************** - N/A. **************************************************************************** 5. Known issues or limitations **************************************************************************** The following are not specific new for this release. - TrayIcon: Showing Yellow after Notebook return from sleep mode. This is a known issue and the SoftClient need to be restarted to recover full functionality. (#9120) - TrayIcon: The TrayIcon don't always show all-GREEN even if the VPN tunnel(s) are fully operational. This is a known issue that the status line in the TrayIcon don't always get updated correct. (#3589) - Change of MTU size on Dual/Triple-WAN appliances might need a reboot. In some cases the WAN priority is not applied correctly so it is more safe to make an additional reboot after a MTU size change. (#8983) - System log reports nf_conntrack (#9007) In some cases the TrustGate system log will show: .. kern.info nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. .. As for now the log entry is for information only but we will monitor the development and keep it under observation in case new knowledge arise. - System instability may occur if a USB adapter (WiFi or 3G) is unplugged from a running appliance; you should always power the appliance off before unplugging the USB device. - Tunnel Agents: A Tunnel Agent will only work if the appliance itself is covered by the Local Network of the tunnel. In other words, it must be possible to send a ping packet from the appliance itself to the specified IP address through the tunnel. To test this, use the Status > Ping/Trace function and ping the remote IP address you want to target with the Tunnel agent. - Known limitation: Performance issue on Tunnels using VPN Load Balancing. There is a performance issue if the tunnel to a remote site is using VPN Load Balancing and at the same time is using two internet connections with very different packet delay. This may result in packet retransmissions. Some systems seem to be more affected by this than others. The problem decreases as the number of clients increases. The problem is related to the TCP protocol not being capable of receiving reordered frames with too much time variation. See below for a possible workaround. - ET supports VPN Load Balancing and Tunnel Failover. Note, however, that if the Client is NAT'ted, only Tunnel Failover is supported. - Manual tunnels support Tunnel Failover to WAN3 like TG264. However, VPN Load Balancing is not supported for WAN3. Instead, you can distribute the VPN load across WAN interfaces by configuring the peers differently. E.g.: configure peer1 to use the WAN(1) address as the primary address, configure peer2 to use the WAN2 address as the primary address, etc. **************************************************************************** 6. Upgrade information **************************************************************************** - General upgrade information ----------------------------- - If you do not have an Easy Service agreement, it is illegal to install this firmware upgrade. - It is always recommended that you make a full configuration backup before you start a firmware upgrade. - Please notice that TrustGate SoftClient must be upgraded by running the Setup program corresponding to the Windows architecture (32 or 64 bit) using an administrator account. **************************************************************************** *** END ***
Creation date: 13/01/2020 21:29 (skr@secomea.com)      Updated: 13/01/2020 21:29 ()