We are proud to announce that the General Availability (GA) of 7.500 has been soft-released. 7.500 includes great new features and functions, many of which were requested by our customers. To name just a few, there is a new Intrusion Protection Engine, Real-Time Bandwidth Monitoring, a transparent HTTP proxy mode with captive authentication portal, and the ability to import and export various lists.
This release is for all Astaro Gateway Products. Due to the size and significance of this release, we are rolling it out in phases. Immediately, there are Up2Date packages which will upgrade existing 7.405 and 7.490 installations. Next week, we will release ISO images for all Astaro appliances, and on October 1st, there will be a push of the 7.500 package via our content distribution network to all customers. For the details about our 7.500 release, please read on… As a major point-release, you will find a lot of new capabilities. Reading this post carefully will answer most questions you might have.
What’s new in V7.500?
7.500 adds over 50 new features and conveniences (and 700+ individual changes!), most of which are directly a result of submitted features by our partners and customer base. As this post is an overview, for full descriptions and details, please read the 7.500 Release Notes (PDF). I would also like to invite you to visit feature.astaro.com to register/spend your points on what we might do next.
Major New Things
Intrusion Protection Performance
- Uses new version of the IPS engine
- Scales massively when used with Multi-Core CPU/Appliances
Real-Time Bandwidth Monitor
- New Interface utilization bars on Dashboard (setup scale via editing the Interface and filling in new parameters for Upload/Download)
- Click for detailed overview as to "whats happening in my network right now"
- Gives the ability to work with manual lists for many features/fields
- Useful to import a large blacklist (for example) into the URL Blacklist
- Can been seen in many user-input boxes in Web, Mail and more. (Green Up/Down Arrows)
Transparent Authentication Support for Web Security
- Allows users to authenticate against a Portal-Style page
- Allows for username based tracking, reporting, and surfing without changing browser settings
- Currently logo can be customized. Text,HTML, and further customizations planned for a later time.
- Configurable Timeout via HTTP–>Advanced. (Default 900s)
- Easily duplicate existing objects for quick re-use.
- Supported in most places for many objects (Definitions, Services, Certain Profiles/Actions)
Extended Network Security Reporting
- Added Detailed Packet Filter/Firewall Reports
- Added Detailed IM/P2P Reports
Reputation Support for Web Security
- Allows use of the trustedsource.org reputation for Web Filtering
- Adds an additional check when allowing sites to be visited based on their degree of evil
- Automatically map a current lease to a static assignment
- Limit DHCP leases to those with static assignments only
- Configurable DHCP lease time
- Servers retain configuration when enabled/disabled
Multicast Routing Daemon
- PIM-SM Routing support
Other New Things
- Windows SSL VPN Upgraded – New Client which supports 64-bit operating systems and configuration file parameters. (Download client again via the UserPortal)
- Improved HTTP Caching – Increases hit/usage rates with new logic, making the cache more effective.
- Quarantine/UserPortal Usability – Adds navigation to the bottom (supplementing the existing controls at the top), large amounts (250-1000) of displayed items per page, and sorting by subject line.
- Default Definition for "Internet" – Created to specify "Internet" as an object which will exclude internal network(s) to aid policy creation (0.0.0.0/0 on Gateway interface) Customizable Shortcuts – Change the default Ctrl+Key assignments to fit your preference
- Improved Definition/Services Sidebar – Mouse-over now instantly shows full name and extended info to aid identifying desired object for drag ‘n drop, especially for long names
- User List shows static IPs – if assigned/configured (no need to edit in order to view)
- Live Log Negation – use to filter live logs to not show lines that match "-" entries i.e. -test to remove lines containing "test"
- Console/SSH Logins Trigger a notification – provides admin the needed insight when accessed.
- Instant Email Backup – Button for every created backup file which allows it to be sent immediately via email to configured addresses
- Custom text for notifications – Allows easier identification of which installation is sending the message. Especially useful if managing multiple sites using notifiers.
- Test NTP Sync – Button to immediately poll the configured NTP server
- Automatic Backup before Up2Date install Configurable Default for Lists – Allows for the amount of items per page (Packet Filter Rules, or anywhere there is a number amounts drop down) to have a larger default view
- Cluster/HA Serial Number View – Information on connected units made easier
- Schedule Firmware Installation – When an Up2Date for Firmware is available, you can schedule it to auto-install at a certain time (not recurring)
- WebAdmin Network Section Split – Now two sections; "Network" and "Network Services" for usability.
- Search Boxes Retain Data – No need to re-enter query when returning from a drill down/result click.
- System Restart Reason – Allows logging of "why was system restarted" in the notification
- Group Tool tips for Members – Easily discern Network/Service Group members without having to edit in order to view
- Reporting Exclusions – Used to remove unwanted entries from various reports (such as Google-analytics from Web Security tables
- Log Flag for NAT Rules – Similar to packet filter, tells you which NAT rule was matched as part of traffic handling
- Masquerading for Additional IP Addresses – Allows the use of Masquerading (vs. just SNAT) for additional IP’s bound to an interface
- Support for Multiple Authentication Servers – The authentication server section has been redesigned to support fallback/failover in an easier format, with many usability improvements
- SNMP MIB – Downloadable via the SNMP section of WebAdmin
- Up2date Status Reworked – Clarifies the current status of a Firmware Up2date to avoid confusion regarding the availability, download progress etc…of an issued Up2date.
- Up2Date Content Distribution Network – Significantly increases the speed of Up2Date downloads using a cloud-based CDN.
- Inline/Snap Report Links – Directly moves the Admin to the relevant details report when browsing the embedded daily reports located throughout WebAdmin
- Global POP3 Sender Blacklist – Quarantined as "other" in the QM/EUP
- Dashboard RSS Feed – Provides visibility to select Astaro-issued items via WebAdmin
- ASG 110/120 WatchDog – Provides auto-restart of ASG 110/120 appliances during rare times of crisis. Since they are often at branch offices or remote locations, this check will auto-restart the unit after most types of any failure (eg. voltage spike)
- New German Translation – The online help and other documentation has been updated with a reworked and much more accurate German-language translation
*Various other features, enhancements, and usability improvements
Up2Date Package Information
7.500 is currently offered as an Up2Date package which is manually downloaded and installed. There are 2 packages – one for V7.405->V7.500 and one for Beta testers using V7.490->V.7500. We will have ISO images next week, followed by a push of the 7.500 Up2Date via our Content Distribution Network on October 1st.
7.405 -> 7.500 Up2Date:
Link : ftp://ftp.astaro.de/pub/ASG/v7/up2date/u2d-sys-7.500.tgz.gpg
Size : 252,392,637 bytes (240.7 MB)
7.490 -> 7.500 Up2Date:
Link : ftp://ftp.astaro.de/pub/ASG/v7/beta/u2d-sys-7.490-500.tgz.gpg
Size: 78,404,495 bytes (74.77 MB)
Fix : Problem showing logged in remote users after HA takeover
Fix : Network and service group definitions unordered after 7.400 up2date
Fix : Dashboard view of RAM incorrectly labeled SWAP on Japanese webadmin
Fix : Wrong translation (English => German or French) in HTTP-Profiles >> FilterActions
Fix : Same domain name in request routing and static entries prevents named from starting
Fix : SSL Site2Site VPN default route to remote site does not work
Fix : License expiry when BIOS clock resets
Fix : IPSec local hosts/networks are missing in ASC-Configfile, if you add more than 5 hosts
Fix : Webadmin AWG and ASG – Translation error in "Filteraktion" of http profiles
Fix : Slave stuck in status UP2DATE and update was not started on slave
Fix : VPN connections cannot established on iPhone 3.0 using Cisco VPN client.
Fix : After update to version 7.403 the remote access menu item is missing
Special Home User Keys
Our Beta Testers of the 7.500 release will shortly (we promise!) receive information about their special Beta Tester Home Use Key, and we will announce the Amazon Gift Card winners then as well.
If you want to provide feedback or want to discuss any of the V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.500] IPS"). If you have feedback to our documentation (Online Help) please send it to firstname.lastname@example.org. There is also a demo server that will soon showcase all the new shiny things: http://demo.astaro.com
Enjoy the new things!
-Astaro Product Management and R&D Teams