Up2Date 7.003 released [Middle]

This Up2Date fixes several bugs: important, annoying and cosmetic, improves performance of V7 and introduces three new features: USB Stick as configuration storage, NAT support for multiple L2TP over IPSec connections and support for wildcards in exceptions.

Performance Improvements
The overall system performance has been vastly improved. Memory and disk usage have also been reduced in many areas, such as with packet forwarding, AV scanning, temporary http downloads, self-monitoring, IPS hardware acceleration and logging. Furthermore, bandwidth usage for Astaro pattern updates have been reduced by more than 50%.

ASG V6 backup import
The release of the ASG V6 backup import function has been postponed due to ongoing QA tests. This function is planned for release at the end of May in combination with the ASG V6 appliance upgrade kit. If you require assistance in migrating a V6 installation before this time, please contact your local certified Partner or Astaro support directly.

Marvell/Syskonnect Driver changes
Due to an increasing number of system problems using these networking chips (including our ASG425 appliance), we been able to integrate an updated version of this driver which serves to improve the system stability. Since adapting hardware drivers may also affect hardware support, all ASG software users that use Marvell or Syskonnect network cards should first apply this update in their test environment prior to implementing it into a productive system.

New Features

  • Configuration import available through USB Sticks during boot up If you store an unencrypted ASG V7 backup file (with the file extension .abf) on a FAT formatted USB stick, you are able to plug it in before booting. The system will then automatically import and apply this configuration.
  • Multiple L2TP over IPSec clients behind the same NAT router The Remote Access functionality has now been extended to support multiple L2TP over IPSec clients behind the same NAT-Router for connection with the ASG. It should be noted that the hostname for these clients will need to differ.
  • Support for wildcards in exceptions The exceptions for HTTP, SMTP and POP3 now also support wildcards for the sender, recipient addresses as well as the target domain fields. For example:
    – Sender Address: *@astaro.com
    – Target Domain: *.astaro.com


The update includes more than 80 bugfixes for many different areas.

The stability and crashing issues associated with the 'bridging' mode and logging have now been fixed. Policy based routing has been improved and now works in all conditions as expected. This includes SNAT/DNAT or FullNAT.

Network Security:
All currently known IPSec VPN issues have been fixed. The SIP parser of the VoIP security module has been enhanced in order to support more SIP providers.

Web Security:
Many fixes and improvements have been included in the HTTP proxy, such as: User's who cancel their download or close their browser whilst downloading a file. The proxy will detect this and abort the download. Improved URL filter categorization. Categorization failures should no longer be a problem. Fragmented HTTP request handling is fixed. Nintendo Wii Updates are now accessible. The slow surfing performance whilst using the HW accelerated AV scanning (ASG 425/525) has been fixed. Blocked access for certain websites when using Internet Explorer 7 has been fixed. Profile assignments have been improved. Assignments based on user groups are now case-insensitive.

Email Security: The framework now features improved stability, properly handling malformed emails. The POP3 email downloads have been improved. The issue of duplicate downloads has also been resolved. POP3 now uses APOP authentication, in the case that the server supports it. SMTP domain, sender and recipients matches are now case-insensitive. This fixes the issue for confidentiality footer, profile assignment as well exception matching. Display errors in the end-user portal email handling have been fixed.  

Open Issues

There are still a few minor open issues that have not been addressed within this up2date. You may want to keep an eye on these issues when using ASG V7 at this time.

  • HTTP Authentication
  • If the HTTP default profile is configured in (Basic Auth, SSO AD or eDir), access will be granted to all users and not just the one's specified in 'Allowed Users and Groups'. There is a workaround available for this issue on the KIL.
  • Active Directory SSO authentication on the cluster does not function correctly at this time.
  • eDirectory does not currently support matching containers as well as support multiple root nodes. eDir SSO does not currently support single users logged onto multiple workstations. V7 installations connected to large eDirectory systems should check that the performance for their environment is sufficient. We plan to address the eDirectory fixes and improvements in the next Up2date (7.004), which is scheduled for mid May.  

Up2Date 7.003


  • Firewall will reboot after Up2Date
  • Existing configuration will not be changed


  • Improved the display of large object lists in WebAdmin
  • Restoring backups by means of a USB flash drive
  • Fixing several bugs in both the POP3 and SMTP proxy
  • Improved IPSec stability Improved Policy Routing
  • Fixing several HTTP proxy problems such as profile handling and the handling of large objects that consume too much memory (note that support for Active Directory Native Mode is still open)
  • Kernel bugfix in bridge mode code
  • Improved Up2Date service and robustness
  • For further information please consult the Up2Date Blog  


Fix [5309]: Broken subject lines quarantine manager
Fix [5384]: Daily Spam Report layout broken in Google Mail
Fix [5404]: RSA keys may be displayed incorrectly
Fix [5568]: Daily Spam Report misses percentage value of blocked e-mails
Fix [5602]: Logmask of HTTP proxy cannot be changed
Fix [5609]: HTTP Proxy allocates a lot of memory
Fix [5613]: Cluster not able to handle IPSec NAT packets
Fix [5652]: Using Internet Explorer, the HTTP proxy fails to display a web page that requires a POST request
Fix [5693]: Sometimes the daily spam report is not created
Fix [5716]: Scalability of object tables in WebAdmin
Fix [5728]: Problems with Full-NAT handling
Fix [5780]: Missing download progress due to unknown content length information
Fix [5781]: Strange POP3 error messages
Fix [5797]: Daily Spam Report mistakenly tagged as spam
Fix [5801]: Authentication exceptions per domain do not work
Fix [5824]: Possible parsing errors concerning SIP control packets
Fix [5844]: Some POP3 messages are downloaded more than once
Fix [5910]: MiddleWare fails when Radius server is unresolved
Fix [5920]: IPSec status view shows wrong status
Fix [5925]: Subject lines in Daily Spam Report corrupted
Fix [5941]: Base64 encoded subjects in quarantine manager are decoded with an error
Fix [5944]: Wildcards in exception lists not allowed
Fix [5963]: Timewarp shell script hangs on MiddleWare restart
Fix [5994]: Empty content-disposition header in the MIME part is rendering the e-mail undeliverable
Fix [5999]: No IPsec traffic after PPPoE reconnect
Fix [6008]: HTTP Proxy logging concerning file extension blocking is incomplete
Fix [6011]: Canceled downloads are not deleted by the HTTP proxy
Fix [6021]: Downloads are not aborted when user leaves downloader page
Fix [6027]: IOS error messages in Exim log – rendering the SMTP proxy inoperable
Fix [6065]: Pluto.pid not deleted after DSL reconnect
Fix [6081]: Confidentiality footer may get added to incoming emails
Fix [6143]: Incorrect BATV ACL check causes all bounces to be rejected

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. There are two ways to apply an Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
    (MD5sum: 9197cb836bcaf9ac0c0b326268e59d76 Size : 68,670,254 bytes)
    HTTP:  Astaro USAstaro US2Astaro GermanyAstaro Germany2Australian MirrorAustria MirrorJapanese Mirror
    FTP: Astaro USAstaro US2Astaro GermanyAstaro Germany2Australian MirrorAustria MirrorJapanese Mirror


If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. “[7.003] POP3 spam blocking problem after change of account password”). There is also a demo server to check the new GUI: http://demo.astaro.com

ISO image asg-7.003.iso: An ISO-image of 7.003 will be released within next days.  

Your Astaro R&D team


You Can Learn More About the Astaro Internet Security Product Line By Going to www.FirewallShop.com/Astaro.

The original article/video can be found at Up2Date 7.003 released [Middle]

Leave a Reply