Barracuda CloudGen Firewall

9.0.4 Release Notes



Important Announcements and Notes for Release 9.0.4

Read this section before you continue with the Release Notes below.

SSH DSA-Keys

SSH DSA keys are no longer considered sufficiently secure. [BNNGF-94751]
Note that they will be removed in the upcoming major 10.0 firmware release!
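
A check for remaining DSA keys ahead of that removal, as an added example that is not Barracuda's code: it scans OpenSSH authorized_keys-style text and reads the key type from inside each base64 blob, so option prefixes do not hide a key. The function names and sample lines are constructed for illustration; where a given firewall stores its SSH keys is not covered here.

```python
import base64
import struct

# OpenSSH key-type names for DSA public keys and DSA certificates.
DSA_TYPES = {"ssh-dss", "ssh-dss-cert-v01@openssh.com"}

def blob_key_type(token):
    """Return the key type stored inside a base64 OpenSSH key blob, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:          # not base64: an option, a type label or a comment
        return None
    if len(raw) < 4:
        return None
    (length,) = struct.unpack(">I", raw[:4])   # uint32 length prefix of the type name
    name = raw[4:4 + length]
    return name.decode("ascii", "replace") if len(name) == length else None

def find_dsa_keys(text):
    """Return (line number, key type, comment) for each DSA key in the text."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # Options may precede the key, so look for the first token that is a blob.
        for index, token in enumerate(tokens):
            key_type = blob_key_type(token)
            if key_type is None:
                continue
            if key_type in DSA_TYPES:
                hits.append((number, key_type, " ".join(tokens[index + 1:])))
            break
    return hits

def sample_blob(key_type):
    """Constructed, non-functional blob: a valid type header plus filler bytes."""
    name = key_type.encode("ascii")
    return base64.b64encode(struct.pack(">I", len(name)) + name + bytes(8)).decode()

# Constructed sample input, not real keys.
SAMPLE = "\n".join([
    "# admin keys (constructed sample)",
    "ssh-ed25519 " + sample_blob("ssh-ed25519") + " admin@mgmt",
    'from="10.0.0.0/8",command="/bin/true x" ssh-dss ' + sample_blob("ssh-dss") + " backup@legacy",
    "ssh-dss-cert-v01@openssh.com " + sample_blob("ssh-dss-cert-v01@openssh.com"),
])
```

Calling `find_dsa_keys(SAMPLE)` reports lines 3 and 4; any entry it returns should be replaced with a non-DSA key before the update to 10.0.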

End-of-Life and End-of-Support Status

For information on which devices and services have reached EoL or EoS, see:

CloudGen Access Proxy

When updating HA systems with the CloudGen Access Proxy enabled, you must reconfigure the proxy to generate a new enrollment URL. For more information, see CloudGen Access Proxy.

Using Special Characters when Creating a Section in the Forwarding Ruleset

With the release of the preceding firmware version 9.0.3, '-' is the only special character allowed in firewall section names.

SAML Authentication

Updating to the preceding firmware version 9.0.3 disables SAML authentication. If SAML authentication was configured before the update, it must be re-enabled. See https://campus.barracuda.com/doc/170820079/


General and Maintenance Information for the 9.0.4 Release Notes 

Firmware version 9.0.4 is a minor release.

Before installing the new firmware version:

Do not manually reboot your system at any time during the update unless otherwise instructed by Barracuda Networks Technical Support. Upgrading can take up to 60 minutes.

To keep our customers informed, the history of this Release Notes article, the "Known Issues" list (at the end of this article), and the release of hotfixes resolving these known issues are now updated regularly. If there are intermediate updates to this release, the corresponding notes can be found in this info box.

18.12.2024 – Release of firmware 9.0.4.

Recommendations and Prerequisites for Running Firmware Release 9.0.4

Use the Appropriate Firewall Admin Release

Barracuda Networks recommends using the latest version of Firewall Admin for a new firmware release.

As of the public availability of firmware 9.0.4, Barracuda Networks recommends using at least Firewall Admin version 9.0.4. You can download this version here: https://dlportal.barracudanetworks.com/#/packages/6023/FirewallAdmin_9.0.4-22.exe

Unlike in firmware 9.0.0, where Firewall Admin 9.0 no longer displayed GTI for firmware versions earlier than 9.0, this limitation has been removed as of release 9.0.1. Firewall Admin now displays GTI for Control Centers <= 8.3.

However, because WANopt is no longer supported, note that Firewall Admin now ignores all WANopt settings from GTI regardless of the version.

Who Can Update to Firmware Release 9.0.4

Read the Migration Notes 9.0.4 before updating to firmware 9.0.4.

For more information on the migration process, see the article 9.0.4 Migration Notes.


Update-Relevant Information for 9.0.4 

While new requirements can result in adding new features, existing features can become obsolete over time. To keep the CloudGen Firewall up to date and performing properly, certain features will be removed completely, and others may be replaced with improved technology.

Features that Are No Longer Included as of this Version 9.0.4

If you require one of the listed features, do not update to this firmware version!

FW Audit

As of firmware 9.0.0, FW Audit is being discontinued. If you have been using FW Audit for reporting in the past, Barracuda Networks recommends using Barracuda Firewall Insights for advanced reporting instead.

Web-UI

As of firmware 9.0.0, support for the Web-UI is being discontinued.

SMSd

As of firmware 9.0.0, the SMSd is being discontinued.

WANopt

As of firmware 9.0.0, WANopt is being discontinued.

Features that Will Become Obsolete in an Upcoming Release

If you are currently using one of the features listed below, consider planning to switch to an appropriate alternative.

Currently, there are no features planned to be announced for removal. However, Barracuda Networks recommends checking for this again in the release notes 9.1.0.

New Features in Version 9.0.4 

As a minor release, version 9.0.4 contains important fixes.


Solved Bugs and Improvements in Release 9.0.4

Authentication
  • Multiple consecutive logins by the same user are now considered even if the user has been logged out on the firewall in the meantime. [BNNGF-84641]

  • Login and logout events now show up in firewall users as expected when a user reconnects via a client-to-site tunnel. [BNNGF-94998]

Barracuda Firewall Admin
  • In the trust zone under Allow Client Versions, you can now select newer NAC versions, 5.2.3 and greater. [BNNGF-91621]

  • Firewall rule statistics are no longer wrongly renamed in certain situations. [BNNGF-94098]

  • A priority field has been added to the VPN transport configuration which enables the user to determine the transport ID in VPN > Site-to-Site, column SD-WAN. [BNNGF-94378]

  • All labels showing Unknown Signature have been renamed to Deleted signature. [BNNGF-95113]

  • The tab Client Action has been removed as a configuration option from the Notification tab of the Eventing configuration, and the Server Action tab has been renamed Action. [BNNGF-95323]

Barracuda OS
  • Network speed is no longer compromised when handling PPPoE traffic. [BNNGF-83386]

  • A description for handling limitations for encrypting storage has been added into the Backup Daemon main article. [BNNGF-94504]
    For more information, see Backup Daemon.

  • The pool license scope no longer resets with a renewal. [BNNGF-94610]

  • The masterd no longer crashes when the licensing tab is accessed. [BNNGF-94656]

  • HA sync UDP sessions are now cleared as expected. [BNNGF-94803]

  • Overall memory usage is stable as expected. [BNNGF-95162]

  • Unexpected errors are no longer shown when configuring IPv6. [BNNGF-95181]

  • Weblog streaming now works as expected. [BNNGF-95562]

  • Client-DHCP monitoring now works as expected. [BNNGF-95596]

Cloud Azure
  • The IPv6 DHCP client works as expected in Azure with Accelerated Networking. [BNNGF-94794]

Firewall
  • Thunder VPN is now detected by the CGF. [BNNGF-84383]

  • Application Control no longer slows down web traffic. [BNNGF-95197]

  • Errors related to ICMP frames violating RFC-792 are not logged. [BNNGF-95563]

  • The firewall no longer crashes in certain situations under heavy load. [BNNGF-95575]

  • Force refresh of DNS objects now works as expected. [BNNGF-95662]

Hardware
HTTP Proxy
  • The HTTP proxy has been updated to version 6.12. [BNNGF-95376]

  • The HTTP Reverse Proxy is now granted 10 seconds to start up and to work as expected. [BNNGF-95482]

  • Block page now shows the correct category. [BNNGF-95632]

REST
  • Forwarding REST API endpoints from a CC to a managed box works as expected. [BNNGF-93625]

  • It is possible to use a CC-Range Admin with a REST API token. [BNNGF-94666]

VPN
  • Client-to-site configuration changes no longer cause already established site-to-site tunnels to reload. [BNNGF-94491]

Support Cases (Resolved)
  • Hotfix 1128 no longer causes a dirty release. [BNNGF-95112]

  • A user with range scope is now able to create new clusters via Firewall Admin and REST. [BNNGF-95265]

  • Control network view now shows the correct OSPF information. [BNNGF-95375]

  • Some websites or elements of a website now work as expected with TLS inspection if the domain is too long. [BNNGF-95740]

  • CC managed CloudGen Firewall to SecureEdge now works as expected with updates for the file barracudaone_dyndata.conf during enrollment. [BNNGF-95866]

  • Multiple DNS objects referenced in a parent object are now applied in the app rule. [BNNGF-95391]

  • An issue related to a kernel panic due to a NULL pointer dereference has now been resolved. [BNNGF-95729]

  • Handling of TCP segmentation when parsing TLS client hellos now works as expected. [BNNGF-95553]

  • The SecureEdge Access Agent can now use the box's local BDNS fallback. [BNNGF-94723]


Known Issues in Release 9.0.4

  • Authentication – After the firmware update to 9.0.2, SAML authentication no longer works for C2S VPN.
    Workaround: Select the check box Enable SAML support in the VPN Client to Site configuration. See https://campus.barracuda.com/doc/170820079/ [BNNGF-94611]

  • Barracuda OS – If a QoS profile has been created and assigned to a physical interface, this profile will be automatically overwritten by the simple QoS band when performing an HA failover or deleting the VPN tunnel assigned to this physical interface. [BNNGF-90831]

  • Barracuda OS – SNMP currently does not indicate when a power supply unit (PSU) is down. [BNNGF-95463]

  • Firewall – Inspecting traffic for QUIC/UDP 443 is currently not supported. [BNNGF-74540]

  • Licensing – If the pool license is renewed, the permission scope for pool licenses is reset. [BNNGF-94610]

  • SSL-VPN and Cuda-Launch – Shared folders and files are no longer accessible via CudaLaunch if the name of the shared folder or file contains a blank space. [BNNGS-3970]
    Workaround: You can make the folder accessible if you share it yourself and replace any blank character with %20.

  • Telemetry – For managed firewalls, note that settings displayed in the UI on the Control Center and the managed box can differ depending on the cluster and firmware version. [BNNGF-89044]

  • VPN – Dynmesh tunnels do not get established when both sites are behind a NAT after updating to 9.0.0. [BNNGF-90377]