We are pleased to announce the immediate availability of Astaro Security Gateway V7.006. The new release not only includes bug-fixes and enhancements, but also a series of important new features like:
The Web Security in-line report has been significantly improved. The web usage tab now displays comprehensive statistics, detailing the most active web users and most frequented domains. Time ranges for this feature may be specified.
Log file filtering and search:
You may now filter and search through archived log files by using a new tab under the “Logging/View Log files” section. This simplifies the process of locating specific entries.
Base license with proxy functionality:
The base proxy functionality for HTTP/FTP/SMTP/POP3 (including HTTP Cache and authentication) is now available within the ASG base license. If you do not require applications such as anti virus or anti spam, the Email or Web Filtering subscriptions no longer need to be purchased.
Enhanced QoS configuration:
Instead of clicking through individual tabs for each QoS-enabled interface, you are now able to define bandwidth pools on the new interfaces tab. This largely enhances the configuration of QoS profiles.
Backup heartbeat interface:
You are now able to configure a backup heartbeat interface for HA configurations. This prevents occurrences where both the master and the slave try to become the master at the same time (master-master situations). These situations occur for example, because of an HA synchronization interface failure or due to an unplugged network cable.
eDirectory synchronization improvements:
Administrators can now set intervals (in seconds) where the Astaro Security Gateway will work to synchronize its user database with the eDirectory server.
Custom DynDNS settings:
It is now possible to freely enter custom DynDNS hostnames, for example, “www.example.com, mail.example.com, example.com”
Improved ACC compatibility:
Version 7.006 contains a new device agent for enhanced interoperability with Astaro Command Center.
Regeneration of VPN Signing CA:
You are now able to regenerate the VPN Signing CA which was created during the initial setup of the unit. The VPN Signing CA is the certificate authority who signs digital certificates for use with remote access and site-to-site VPN connections.
The new release also corrects various outstanding issues. These issues previously affected the SMTP Proxy (large message ID) and generated kernel freezes with the smaller ASG devices as well as with hardware accelerated anti-virus scanning. The handling for packet filter rules has been improved when additional addresses are in use. The possibility to edit/delete these interfaces after importing a V6 backup has also been addressed. The backend system now also allows the definition of usernames using numbers only.
- Firewall will reboot after Up2Date!
- Please note: Because of a WebSecurity database integrity check performed after(!) the reboot, the firewall is maybe some minutes (up to one hour) under high load, depending on the hardware (CPU power, hard disk speed) and database size.
- Existing configuration will not be changed
- Added CA import and regeneration
- Added backup interface for HA and Cluster
- Changed subscription licensing model back to V6 style
- Improved WebSecurity reporting
- Improved logfile handling
- Improved logging/performance of accounting data
- Improved eDirectory performance for large eDir-trees
- Fixed kernel freezes on smaller machines
- Fixed kernel freezes with Hardware-Acceleration
- Please check also the V7 release notes PDF.
Fix : Broken rendering of WebAdmin tabs in QoS settings
Fix : Dyndns-custom only supports one hostname
Fix : Error while scanning emails may stop SMTP proxy
Fix : Pattern Up2Dates on cluster nodes running very slow
Fix : User objects fail to be created when user name contains a numeral
Fix : Authentication daemon restarting in eDirectory environments
Fix : Online help will not open when WebAdmin language is set to Japanese or Chinese
Fix : Mail processing stops at message ID 1000000
Fix : Middleware stops working with unresolved routing targets
Fix : Disabled End User Spam report enabled after editing custom text
Fix : Packetfilter rules not set correctly when using additional addresses
Fix : Sorting of policy routes not working correctly
The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. There are two ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):
- Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
- Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum:88dda57d90405743faa8b3511f39260c Size :102,610,337 bytes)
HTTP: Astaro US – Astaro US2 – Astaro Germany – Astaro Germany2 – Australian Mirror – Austria Mirror – Japanese Mirror
FTP: Astaro US – Astaro US2 – Astaro Germany – Astaro Germany2 – Australian Mirror – Austria Mirror – Japanese Mirror
If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. “[7.006] new e1000 driver boosts my new intel card”).
There is also a demo server to check ASG V7: http://demo.astaro.com
Your Astaro R&D team
The original article/video can be found at Up2Date 7.006 released [Middle]