Astaro is pleased to announce that Astaro Security Gateway V7.1 GA is available now. Version 7.1 integrates exciting new Web Security features like Active Directory SSO native mode, improved performance, lower resource usage (without squid now), intelligent caching, re-added black/whitelist and audio/video streaming support.
On top of that we now support interface based packet filter rules, offer a detailed network accounting report and much more. Furthermore you will experience convenience changes and performance improvements.
What's new in ASG V7.1?
The new HTTP proxy provides the following major enhancements:
Active Directory native mode (NTLMv2/Kerberos)
Added support for NTLMv2/Kerberos authentication, which is required to authenticate against a Windows Domain Controller running in Native Mode.
Concurrent usage of black and white lists per profile
Within HTTP profiles you can now define filter actions that block and allow access to dedicated URLs/sites at the same time.
Streaming media bypass
Scanning of video and audio streams can be selectively disabled in order to avoid delays caused by downloading and scanning the entire stream through the HTTP proxy prior to playing.
Block content before download
File extension filter rules are now applied before downloading a file.
Dynamic configuration changes without restart
The new proxy now reloads its configuration without terminating existing connections
To help troubleshooting wrong profile/filter assignment matching, the used profile and filter action is now logged in the http logfile.
HTTP Proxy scans POST request bodies
The proxy now employs virus scanning for bodies sent with POST requests to foreign servers as well. If the body contains a Virus, the content is blocked with '403 Forbidden'.
Intelligent caching capabilities, support of HTTP 1.1 connection keepalive and a new IO model allow for increased network performance of up to 80% depending on hardware and content scanning configuration. Besides HTTP proxy enhancements the new release also includes the following new features:
- Packet filter based on interface
- Auto-Packetfilter rule generation for NAT traffic
- SPAM Scanner with X-SPAM Flag
- Network Accounting/Usage
- Contentfilter double byte support
- Virtual HA MAC-Addresses (MAC address takeover)
- Multiple-IP-Check Uplink Failover
- >utomatic user creation support for eDir SSO
- Disabling of proxy and IPS exceptions
- Disabling of aliases on network interfaces
- Global NAT Traversal option
A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the Astaro Security Gateway V7.1 Release Notes. The Astaro Security Gateway Administration Guide, a hardware compatibility list and a Known Issues List for the GA release are available on our knowledge base.
ASG V7 includes a 30 day all feature on trial period.
If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. “[7.100] Active Directory authentication “). If you have feedback to our documentation (Online Help) please send it to email@example.com. There is also a demo server to check the new GUI: http://demo.astaro.com
ISO image asg-7.100-071203-2.iso
size: 469 MB (469,676,032 Byte)
FTP server: * Germany * Germany2 * US * US 2 * Austria Mirror * Japanese Mirror
HTTP server: * Germany * Germany2 * US * US 2 * Austria Mirror * Japanese Mirror
VMWare Images for Player/Workstation, ESX v2 and ESX v3
(If you are not familiar with BitTorrent, please check out this detailed description: http://en.wikipedia.org/wiki/Bittorrent).
Search for “how to burn” on our Knowledge Base (http://www.astaro.com/kb/) if you have trouble to burn a CD from the ISO image.
Installation and Hardware Requirements
- The software needs to be installed on a dedicated Intel compatible PC.
- Astaro minimum recommendation for V7.1 BETA installations: Intel Pentium III 900 MHz, 512MB RAM, 10 GB hard disk drive and above.
- Best performance results running on: Dual Xeon or Athlon, 2GB RAM, 36 GB SCSI 15krpm hard disk drive and above.
- For proved hardware components please check our Hardware Compatibility List (HCL) at: http://www.astaro.com/lists/HCL-ASG-V7.txt
- System will reboot after Up2Date
- Existing configuration will not be changed
- Customers upgrading from versions prior to 7.100 MUST re-join the Firewall to the AD domain if they use SSO. In order to join the AD domain, the firewall must find a DC (Domain Controller) machine. In previous versions, this was done with a NetBIOS broadcast.
- Starting with ASG 7.100, pure AD (native) mode is used, which in turn requires finding the DC with a DNS lookup. There are also more strict requirements on DNS resolution and time differences. The following conditions must be met:
– The time zone on the firewall and the DC must be the same.
– There MUST NOT be a time difference of more than five minutes between the firewall clock and the DC clock.
– The ASG hostname must exist in the AD DNS system.
– The ASG must use the AD DNS as forwarder, or must have a DNS request route for the AD domain which points to the AD DNS server.
- Please see detailed release notes at http://download.astaro.de/ASL/v7.0/iso_i386/ASGV7.1_ReleaseNotes.pdf
Fix : .com websites are blocked by file extension scanner
Fix : Changing type of an interface will delete corresponding NAT/Masq rules
Fix : Whitelisting does not work under certain circumstances
Fix : NTLM doesn't work with IE7 and Windows Vista
Fix : WebAdmin very slow when using many objects
Fix : WebAdmin SSO support for ACC not working
Fix : More than one Executive Report in HA/Cluster environment
Fix : WebAdmin becomes unresponsive after a longer log-in period
Fix : Wrong message after too many failed WebAdmin logins
Fix : HA/Cluster stops working if ha password has special characters
Fix : Email Encryption logfiles filling up partition
Fix : Problems with IPSec and DNAT on bridge interfaces
Fix : Daily Spam Report is sent to all users
Fix : Anti-Spam filter not working in some environments
Fix : eDirectory authentication does not work if BaseDN is empty
The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):
- Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
- Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 2e1a36d6374fd663763e49367b54533d Size : 152,837,625 bytes)
HTTP: Astaro US – Astaro US2 – Astaro Germany – Astaro Germany2 – Australian Mirror – Austria Mirror – Japanese Mirror
FTP: Astaro US – Astaro US2 – Astaro Germany – Astaro Germany2 – Australian Mirror – Austria Mirror – Japanese Mirror
Supported Web Browsers
The Astaro Security Gateway V7 graphical user interface (WebAdmin) will support the following browser/platform combinations:
MS Windows 2000/XP/Vista
- IE6 or higher (including IE7)
note: parallel installations of IE6 and IE7 are not supported!
- Mozilla Firefox 1.5 or higher
- Safari 3.0 or higher
- Mozilla Firefox 1.5 or higher
- Safari 2.0.3 or higher
- Mozilla Firefox 1.5 or higher
Note: the iPhone Safari browser has certain limitations – hence it is not supported
We recommend using Firefox on a system with at least 512 MB RAM and a CPU with 1.5 GHz or more to achieve maximum performance
Your Astaro Teams
The original article/video can be found at Up2Date and ISO ASG V7.100