In a little over 1 month since the Beta of our next major ASG Version has been available, hundreds of downloads have occurred and thousands of comments have been posted in the V8 Beta Forum.
We have made some incremental Up2Dates to the Beta so far, and now today are releasing a larger Beta build which adds some hotly anticipated features like Location Based Blocking, Web Application Firewall Cookie Signing, and Custom WebAdmin/UserPortal Certificate support.
It is never to late to test the Beta! If you have been wanting to give it a try, you can do so easily. Read on for information on the new Up2Date, and information on how you can join the Beta if you are not already using ASG Version 8.
Since the first Beta release of ASG V8 (dubbed 7.900) we have had 4 additional Up2Dates. Today we release 7.910 with the usual fixes and improvements from testing and beta feedback. In addition, some new features have been added for you to test out. (For those new to our Beta process, see the original V8 Beta announcement and our V8 Introductory Post).
If you are already using the ASG V8 Beta, you do not need to re-install. The new 7.910 Up2Date will be delivered to you normally and is installed via WebAdmin. As usual however, we have updated ISO’s and manual Up2Date downloads for you, along with the release information.
ASG Beta 7.910 New Features
You can now enable a new feature in your Firewall Profiles for the Web Application Firewall called Cookie Signing. For each cookie set by the server this will add a signature stored in another cookie so that the WAF can check the signature on return from the client. This prevents tampering with the cookie on the client side.
Specify the WebAdmin/UserPortal SSL Certificate
In Management >> WebAdmin Settings >> HTTPS Certificate you can now select which certificate is used by WebAdmin and User Portal for SSL encryption. As well, if you have an existing CA that you would like to use to sign the certificate currently used by WebAdmin you can do so. This feature can allow for installations that have their own Certificates or CA to take advantage of a WebAdmin/UserPortal login which does not trigger a security warning in the browser when navigating to the login page(s). More information on this feature can be found in the forums.
New WebAdmin Role: "Reviewer"
In addition to the Admin and Auditor roles already in place, we are adding a new one to the Beta called "Reviewer". Reviewers are allowed to see all settings in WebAdmin (unlike the auditor which is limited to Logging and Reporting), but can’t change anything. You can give users this role via Management >> WebAdmin Settings >> Access Control. (This feature will also appear in ASG V7.505).
Location Based Blocking
Using a new section at ]Network Security >> Packet Filter >> Location Based Blocking you have the possibility to block ALL traffic to and from IP addresses located in specific countries/regions. Please note that this feature is a a rather blunt instrument without current support of exceptions. While usually quite accurate, it could produce the occasional false positive since tying IP addresses into a physical location is always a technical practice. However this feature is great for preventing traffic interactions with a certain region or country, perhaps for reasons of spam, constant attacks, probing, or simply to due company wishes.
ASG V8 Beta 7.910 Details
 Site to Site connection will not be established when SHA 512 is used as IPSec authentication algorithm
 Email subjects with umlauts are not displayed correctly in the mail manager
 Installer doesn’t handle UTC option correctly
 HTTP proxy doesn’t support "single time events"
 Site-to-site VPN Compression policy not working
 CPU reports showing the same utilisation for both nodes
 Log file download usability/consistency
 Packet Filter Live Log formatting is broken
 Logging –> View Log Files loads very slowly
 Small display problem in info in object table with IE8
 New Mail Security RBL too aggressive
 IPSec "Add Remote Gateway" fails with "VPN ID may not be empty"
 Web Application Firewall can not write audit log files (Permission denied)
-Configuration will be upgraded
-System will be rebooted
-New features to test (see above)
ASG ISO (for Software/Virtual appliance installation)
Size: 345M (362143744 bytes)
SSI ISO (for ASG Hardware appliance installation)
Size: 355M (372389888 bytes)
Up2Date package (7.904 to 7.910)
Size: 52M (54769352 bytes)
Enjoy your testing, and if you have any questions or problems, don’t forget to share them in the V8 Beta Forum. We have plans for cool prizes to reward some lucky testers!
Your Astaro Team