UserGate UTM - What's new?

UserGate UTM 4.0.18 (build 4.0.1816058, January 17, 2018)

Important! If you are upgrading from version 4.0.12 or earlier, it is required to update Terminal server and Windows authorization agents to the latest version before performing UTM update.

Change log

  • Added ability to encode to base64 username (X-Authenticated-User) sent to ICAP server
  • Added ability to set several cluster IP addresses to one interface
  • Fixed atop log rotation problem
  • Fixed DNS timeout error
  • Fixed error of updating list with translation web-sites
  • Fixed error with cyclic redirect if everything is blocked and block page set to external web-page
  • Fixed Mailsecurity over STARTLS issues
  • Fixed problem when computers authorized via Kerberos instead of users
  • Improved time to apply firewall rules
  • Сhanged network adapter type to VMXNET3 for ovf-image.

UserGate UTM 4.0.14 (build 4.0.1416018, November 22, 2017)

Important! It is required to update Terminal server and Windows authorization agents to the latest version before performing UTM update.

Change log

  • Fixed incorrect output for twice Escape button in CLI
  • Fixed Captive portal page error if no zones selected in Captive-portal rule
  • Fixed category change request error
  • Fixed backup to the external USB device error happened in some cases
  • Fixed Server is busy error when checking site's category on second cluster node
  • Fixed error with incorrect firewall rule if source and destination ports for service are specified
  • Fixed error of deployment image to hardware platforms
  • Fixed 15 symbols limitation for SMPP user name
  • Fixed problem with blocking skif.minfin74.ru by IDPS module
  • Fixed slow UTM when export logs to the external syslog server is enabled and syslog server is unavailable
  • Fixed remote assistant problem if UTM hangs
  • Fixed problem of UTM upgrade if nodes are in cluster
  • Fixed IDPS update problem if update file contains invalid data
  • Fixed problem when Cyrillic-named users appeared incorrectly in white list requests
  • Fixed AD sync problem with OU with Cyrillic letters and spaces
  • Fixed disk resize problem on Microsoft Hyper-V platform
  • Fixed problem with DNS-filtering domains, where * symbol was used
  • Fixed error when flood protection does not drop packets when threshold exceeded
  • Fixed problem with force update does not actually start update
  • Fixed occasional SSL module hang problem during SSL certificates generation
  • Fixed server statistics hangs with error invalid byte sequence for encoding UTF8
  • Updated RAID controller driver
  • Updated some system utilities
  • Improved performance of AD users viewing, decreased load on AD servers
  • Improved UTM stability when applying databases update
  • Improved efficiency of applying firewall rules when user logged in
  • Improved security for API requests
  • Added ability to create Flood protection rules with threshold more than 10000 packets per seconds
  • Added exclusion for UDP DNS traffic from DNS servers used by UTM
  • Changed virus and spam tools to separate modules.

UserGate UTM 4.0.12 (build 4.0.1215962-2, September 28, 2017)

Change log

  • Fixed UTM hangs if configured sending logs over syslog over TCP to external server and that server is not accessible
  • Fixed incorrect gateway status in some cases on Hyper-v platform
  • Fixed partition resize on Hyper-v platform
  • Fixed USB flash drives problem when creating backup or export logs in support menu on some appliances
  • Updated potentially vulnurable tcpdump package

UserGate UTM 4.0.12 (build 4.0.1215959, September 5, 2017)

Change log

  • Fixed incorrect network port for VRRP cluster session sync
  • Fixed error when node is removed from cluster
  • Fixed incorrect user's IP address on blockpage for sites beginning with digits
  • Fixed potential kerberos vulnerability Orpheus Lyre
  • Fixed problem when new L7 signature is not shown in the list of available signatures after update
  • Fixed problem with opening web-sites which have non-RFC compliant headers, for example, multitran.ru
  • Fixed load balancing, if used in Gate node
  • Fixed problem with gateway availability check when network cable is unplugged
  • Fixed DHCP configuration lost after UTM update
  • Fixed problem with load balancer stop working after system reboot
  • Fixed spam filtering and load balancing, when used simultaneously
  • Fixed problem with BYOD devices waited for admin's approval
  • Fixed problem with e-mail addresses lost in notifications profiles after server reboot
  • Fixed Mailsecurity doesn't work if load balancing for SMTP is enabled
  • Fixed cyclic service reboot if set connectivity check lower than 10%
  • Fixed problem with load balancing when fallback server is never used
  • Fixed problem when OU is changed in AD, but remains unchanged in UTM
  • Fixed auth agent for Windows and for Terminal services when users' accounts have symbols of national alphabets
  • Added ability to filter web-resources opened via translation sites (translate.google.ru, translate.yandex.ru)
  • Added ability to show username on blockpage
  • Added ability to launch radmin to Entensys support in case of UTM crashes
  • Added ability to apply firewall rules to fragmented/not fragmented/all network packets
  • Added ability to create Services libraries with source ports
  • Added additional checks for MTU size in adapter settings
  • Added check for spaces in root path in AD connector
  • Added OU check when configuring AD connector
  • Added successful UTM boot event to the event log
  • Added additional validations when creating load balancing rule
  • Added additional checks for certificate when uploading it to UTM
  • Added SNMP alerts for blocking firewall rules events
  • Improved provider balancing. User's sessions stick to the same provider if several providers are in use with balancing
  • Improved UTM security, access closed to ports 4004, 4005, 8091
  • Improved validation of CLI commands reboot/shutdown
  • Improved processing of certificates with empty common name
  • Improved URL filtering
  • Improved HTTPS decryption. If no-decrypt rule applied, content filtering rules will still filter based on host-names or URLF category
  • Improved stability of VRRP failover
  • Improved utm-appliance stability
  • Improved stability of UTM start up procedure
  • Decreased time required to apply firewall rules.

UserGate UTM 4.0.11 (build 4.0.1115660, June 28, 2017)

Change log

  • Fixed authentication agent problem if users have Russian names in AD
  • Fixed exporting traffic log to syslog
  • Fixed IDPS crash on appliances with number of CPU cores more than 16
  • Fixed loss of user authentication when traffic switched to another node
  • Fixed minor interface misprints
  • Fixed minor problems when processing URL lists
  • Fixed problem notifications, triggered by IDPS
  • Fixed problem of loading certificates
  • Fixed problem when network settings disappeared after reboot in some cases on Hyper-V platform
  • Fixed problem with AD sync if root path contains Russian letters
  • Fixed problem with blocking page if IDPS is on
  • Fixed problem with changing proxy port from 8090 and then back to 8090
  • Fixed problem with filtering POP3 TLS traffic from gmail
  • Fixed problem with high memory utilization by Kaspersky antivirus and high load
  • Fixed problem with Kaspersky antivirus stopped working occasionally
  • Fixed problem with LCD screen doesn't work on UTM-F hardware appliance
  • Fixed problem with license expired one day earlier than expected
  • Fixed problem with MTU size is lost after reboot on Hyper-V platform
  • Fixed problem with slow opening of Juniper.com after upgrade to 4.0.10
  • Fixed problem with sorting by traffic volume in statistics
  • Fixed problem with statistics is shown in UTC while another timezone is set
  • Fixed problem with transient users’ expiration time
  • Fixed problem with vlan's MTU size is lost after reboot
  • Fixed server hang if Radmin is enabled and server rebooted
  • Fixed shaping rule if it created from Monitoring page
  • Fixed statistics database rotation
  • Added ability to block sites if they are opened via translation sites
  • Added ability to block traffic if UTM executables have been changed
  • Added ability to show user's IP address on the blocking page
  • Added additional checking for user input
  • Added check to make sure that all lists have unique names
  • Added items on page to show long lists
  • Added new events to the Event log
  • Added reboot option to Support Tools menu
  • Added support for new 10Gb network modules
  • Improved license information shown in CLI
  • Improved performance of server statistics
  • Improved performance of SSL keys generation
  • Improved URL-lists processing performance
  • Improved Windows Authentication agent in cases of AD server is not available
  • Updated drivers for 10Gbit network modules.

UserGate UTM 4.0.10 (build 4.0.1015000F)

Change log

  • Fixed error if set DHCP lease time lower than 300 seconds
  • Fixed error of showing transit traffic on Network monitoring page
  • Fixed error with DHCP relay setting on VLAN interface
  • Fixed problem when DNS server becomes unavailable in some cases
  • Fixed problem with decrypting some web sites with specific SSL cipher
  • Fixed Server is busy error when showing webui certificate details
  • Fixed SSL certificate decryption for specific portals (no reuse certificates)
  • Fixed problem with editing existing TCP and UDP services in Library
  • Fixed problem with getting error when opening first site and Kerberos login
  • Fixed problem with incorrect authentication if user exists in more than one domain
  • Fixed problem with incorrect encoding when sending SMTP notification
  • Fixed problem with incorrect firewall rule if there is an interface with no zone assigned
  • Fixed problem with lack of IP:ports ranges when working with terminal servers
  • Fixed problem with terminal services agent working with HA cluster
  • Fixed terminal server users' identification problem (user Unknown)
  • Fixed problem with not showing images in some sites, ex. www.sberbank.ru
  • Fixed problem with resend user's request if web-server is not available
  • Fixed problem with sending traffic log to external syslog servers
  • Fixed problem with traffic shaping rule if use custom bandwidth pool
  • Fixed Server is busy error when adding 16 zone
  • Fixed Server is busy error when enabling remote assistance and no Internet connection
  • Fixed Server is busy error when set Max.request size <1 in ICAP properties
  • Fixed trial license expiration problem
  • Fixed server crash when synchronising AD with OUs with russian letters in name
  • Added ability to create/delete VLAN in CLI
  • Added support for FreeIPA LDAP directory
  • Added ability to revoke UTM update which has been downloaded but not installed yet
  • Added ability to set IP ranges in IP lists libraries
  • Added ability to show user's IP address on the block page
  • Added changing error level event to the event log
  • Improved block page HTTP status code 403
  • Improved compatibility with Searchinform DLP when working with some sites
  • Improved compatibility with some ICAP servers
  • Improved disk space monitoring and log rotation
  • Improved expiring SSL certificates' rotation procedure
  • Improved LDAP groups view, show domain\group instead of distinguished name
  • Improved linux kernel error handling
  • Improved showing license information in cluster mode
  • Improved statistics module stability
  • Improved terminal server auth agent to work with massive Citrix servers deployment

UserGate UTM 4.0.9 (build 4.0.914268)

Change log

  • Fixed bug with user's identification if he logged in from several different devices
  • Fixed bug with categories are shown in English on suggest new category page while Russian locale is set
  • Fixed mail security for POP3 protocol
  • Fixed problem when HTTPS sites are not blocked by content filtering rules by URLF categories if specific source zone selected and no HTTPS decryption configured
  • Fixed problem with unneeded update installation if newer cumulative update is available
  • Fixed problem with web-console freezes in some cases
  • Fixed with incorrect processing of some urls with some special characters
  • Fixed problem with processing rules for known users
  • Fixed problem when terminal server auth agent incorrectly worked if terminal server has more than 1 IP address. Required to update terminal server agents on all terminal servers.
  • Fixed database operation in cluster mode
  • Added ability to configure web proxy timeouts in CLI
  • Added ability to control HTTP/S on custom port when browser uses UTM as proxy server
  • Added ability to identify user by MAC address for HTTP/S traffic
  • Added ability to test SMTP notification profile
  • Added additional system information to log files
  • Added information about administrator who initiated security update
  • Added information about successful security update installation to the event log
  • Added IP address validation on SNAT field
  • Added protection from gateway deletion which is in use in routing rules
  • Added TLS/SSL security in SMTP notification profile
  • Added validation for overlapped IP ranges when importing IP lists to libraries
  • Added support for new appliances D, E, F hardware
  • Improved synchronization with Active Directories with big number of objects
  • Improved DNS performance
  • Improved GeoIP performance
  • Improved internet performance on slow links
  • Improved overall UTM performance
  • Improved overall UTM stability
  • Improved search for users with Cyrillic names.

UserGate UTM 4.0.8 (build 4.0.813544)

Change log

  • Fixed problem with using IP lists with IP ranges
  • Fixed problem when administrator gets access denied trying to edit HTTP-cache exclusions
  • Fixed localization of some categories showed on block pages
  • Fixed localization of some punycode sites showed on block pages
  • Fixed description field localization in content filtering rules
  • Fixed problem with inconsistent installation of windows updates
  • Added ability to select beta or stable UTM updates
  • Improved high availability cluster to switch to slave server during software update
  • Improved rule log table view
  • Improved error handling when adding same DNS record with different IPs

UserGate UTM 4.0.7 (build 4.0.713445)

Change log

  • Fixed problem with failure of removing static DNS records
  • Fixed problem with inconsistent Mailsecurity module registration
  • Fixed problem with incorrect replication of HTTP cache between cluster nodes
  • Fixed scrolling problem with big number of rules
  • Fixed problem with decrypting all HTTPS traffic if there is allowing content filtering rule
  • Fixed problem which prevented Windows updates to finish installation
  • Fixed problem with high IRQ rate and high CPU resource consuming
  • Fixed Skype detection by L7 module
  • Fixed problem with Unknown category set to white list requests
  • Fixed problem with warning content filtering rule acts on every request to accepted domain
  • Fixed problem with removing AD user from local group during AD sync
  • Added ability to delete several requests to a white list at once
  • Added ability to export and import rejected white list requests
  • Added ability to search through the list of rejected white list requests
  • Added ability to monitor swap-file usage
  • Improved overall stability
  • Improved procedure of replacement of SSL certificate for web console
  • Improved AD synchronization with big number of objects, performance is not affected
  • Improved remote assistance service
  • Improved users view
  • Improved errors' description
  • Improved mail servers publishing in case if one server needs SPAM filtering and other does not need it
  • Improved Dashboard graphs and performance
  • Improved DHCP lease sorting
  • Improved view of large number of rules
  • Improved statistics database rotation to avoid disk full problem
  • Improved Auth agent for terminal services. Added ability to change settings after installation
  • Updated timezones information

UserGate UTM 4.0.6 (build 4.0.613264)

Change log

  • Fixed problem with MIME filtering in content rules
  • Fixed problem with 4.0.5 update failed to complete
  • Fixed problem when 4.0.5 update removed gateways, routes and services for zones
  • Fixed problem with HTTP proxy sessions through UTM can hold on for a long time
  • Fixed problem with incorrect HTTPS decryption if there are more than one original certificate for the same common name
  • Fixed problem when Captive portal page is not shown to users with mobile devices if Kerberos and Local auth methods are used
  • Fixed problem with authentication if user has not defined password
  • Fixed problem with inability to follow to the original site after successful Captive auth
  • Fixed problem with HTTP caching was always off
  • Added filtering to users’ view
  • Added support for QUIC protocol
  • Added password complexity for new transient users
  • Added password complexity for self-registered users
  • Added phone translation rules to SMPP profiles
  • Aded ability to block HTTPS sites by hostnames or by URLF categories without decrypting HTTPS traffic
  • Improved SNMP service to support standard queries to OIDs 1.3.6.1.2.1.1.*
  • Improved error localization
  • Improved performance of URLF database
  • Improved database recovery in case of unexpected shutdown
  • Improved UTM network rules synchronization stability
  • Improved connectivity checker parameters, increased QoS and timeout
  • Removed registration dialog on first run of UTM
  • Limit logging in firewall rules not less then 5 a day

UserGate UTM 4.0.5 (build 4.0.513181)

Change log

  • Fixed problem with license reset in some circumstances
  • Fixed problem with active directory connector incorrectly updates objects if they were moved in different OU
  • Fixed problem with configuring of SNMP v2
  • Fixed problem with SNMP v3 authorization when using AuthNoPriv, AuthPriv
  • Fixed numerous Server is busy errors
  • Fixed problem when server hangs if unexpected shutdown happened on hyper-v virtual platform
  • Fixed problem when big file downloaded over UTM is interrupted if download lasts more than 24 minutes
  • Fixed problem when internet is still working after last gateway was deleted
  • Fixed problem with slow internet over UTM and high load on 1 core of CPU when VLANs are in use
  • Fixed problem with inability to open HTTPS sites with non RSA encryption, such as GOST
  • Fixed problem when GRE interfaces are shown in the interfaces list in hyper-v platform
  • Fixed problem with custom redirect in captive profiles doesn't work
  • Fixed problem with Active Directory authentication if user has password with Cyrillic letters
  • Fixed some auth templates which have incorrect UTF-8 encoding declaration placement in body
  • Fixed problem with UTM security update is lost after server rebooted
  • Fixed problem with inability to add UDP service
  • Fixed problem with inability to change VLAN settings after server reboot
  • Fixed problem when CLI does not show all services enabled for zone
  • Fixed problem with web console hangs when enabling Remote assistant and no internet connection is available
  • Fixed problem with Kerberos authentication shows Captive portal page after user login time expired
  • Fixing problem with HTTPS decryption does not block sites with invalid certificates when option Block sites with incorrect certificate is enabled
  • Fixed problem which can lead to disabling of internet gateway in some circumstances
  • Added ability to set domain for captive authorization instead of default auth.captive
  • Added ability to use HTTPS for captive portal authorization page
  • Added Clear logs button
  • Added web console automatic refreshing when server is booting or not available
  • Added ability to send MAC address to external ICAP server as X-Client-MAC field
  • Added ability to make changes on several selected objects in web console
  • Added ability to create content filtering rules to allow to keep the original user's IP address when connecting over UTM to external HTTP/HTTPS resources
  • Added ability to work with SIP protocol when NAT is used
  • Added ability create services with range of ports
  • Improved error localization
  • Improved event log records localization
  • Improved server's log handling
  • Improved statistics server stability
  • Improved some statistics reports
  • Improved UTM core stability
  • Improved synchronization of authorized users between nodes of cluster
  • Improved Firewall and NAT rules dialogs to enable limit logging as default setting
  • Improved DHCP leased addresses presentation in web-console, added sorting
  • Improved DNS and HTTP proxy performance on high load, added more processing threads

UserGate UTM 4.0.2 

Change log

  • Fixed problem with Mail Security module not filtering spam and viruses if specific PIN code is used
  • Fixed problem with adding existing user to a traffic shaping rule
  • Fixed problem with periodic set NTP sync to off on VMware virtual machines
  • Improved cluster update procedure

UserGate UTM 4.0.1

Change log

  • Fixed sync problem with Active Directory over SSL
  • Fixed ethernet ports sorting in hardware appliances
  • Fixed problem with balancing traffic to several internet gateways
  • Fixed problem with incorrect Active Directory synchronization timestamp in Auth servers view
  • Fixed problem when serial port speed switches from 115200 to 38400 when UTM loaded
  • Fixed minor problems with web-console and IE11 browser
  • Fixed minor problems with displaying statistics in cluster
  • Fixed problem with empty Traffic log
  • Fixed custom redirect for DNS filtering rules
  • Improved error messages
  • Improved Event log messages
  • Added support for importing different kinds of certificates
  • Added ability to ping and traceroute hosts from specific network interface in CLI
  • Added blocking access to interfaces in Management zone from another zones
  • Added ability to change proxy port from 8090 to a custom number.