What´s New in FSC Version 2.0.7
In addition to numerous stability and performance improvements, v2.0.7 offers the following new features:
- Container can now be reset to factory defaults before update packages are installed. This is done when a "resetcontainer" file is in the container update package.
- An iptables firewall implementation has replaced Shorewall.
- Automatic rollback for faulty configuration. When no connection to the CC can be established after 2 hours of configuration change, a rollback is done to the last-known working configuration.
- DHCP Relay now works on startup. (It no longer needs a manual restart after reboot.)
- Monitoring for 3G/LTE connections.
- UMTS.log has been added to syslog streaming.
What´s New in FSC Version 2.0.6
Local Breakout IP Addresses
- You can now configure up to 10 local breakout IPs in the WAN zone that are accessible from the LAN zone to exclude certain IP addresses from network traffic backhauling. Local breakout IP addresses can be configured to reach the Internet through the WAN or Wi-Fi zone and can be covered by the Link Selection feature.
What´s New in FSC Version 22.214.171.124
- Default network routes are now correctly introduced if primary and secondary uplinks with enabled link selection are present. [BNNGF-57713]
What´s New in FSC Version 2.0.5
Additional LAN Modes
It is now possible to choose from three different LAN modes for the Secure Connector.
- Switch mode - Combines all available LAN ports to a network switch group.
- 2 Port Mode - Combines LAN2 and LAN3 to a network switch group. LAN1 can be configured individually.
- 3 Port Mode - All available LAN ports can be configured individually.
Passive Link Probing for Link Selection
- It is now possible to configure passive link probing as an additional option of the Link Selection feature. Enabling Passive Probing enables probing of the first configured VPN IP address and disables probing of explicit probing targets. Passive Probing does not support UDP Mode of VPN tunnels.
New WAN Probing Options
- It is now possible to configure additional WAN Probing options via ICMP, DNS, or both.
What´s New in FSC Version 2.0.3
- It is now possible to perform firmware updates via the web user interface. [BNNGF-53742]
- Additional advanced DHCP options are now available on CloudGen Control Centers 7.2.2 and higher. [BNNGF-53946]
- The DHCP Relay agent now starts correctly when the Secure Connector is booting. [BNNGF-54802]
- The VPN Mode configuration has been removed from the web user interface. [BNNGF-53032]
- The log viewer of the web user interface now works as expected. [BNNGF-50051]
- The Wi-Fi client configuration on the web user interface was consolidated with the available settings via Firewall Admin SC Editor to allow IP address assignment only via DHCP. [BNNGF-55001]
- It is now possible to configure a Control Center so that the LAN IP address of a Secure Connector is reachable via the VPN tunnel. [BNNGF-54024]
- It is now possible to configure the modem of the Secure Connector via the web user interface. [BNNGF-54781]
- The MTU of VPN interfaces of the Access Concentrator and the Secure Connector are consolidated to prevent fragmentation of packets. [BNNGF-48839]
- Secure Connector configuration files can now have a user-defined file name when uploaded to the Secure Connector via USB thumb drives.
What´s New in FSC Version 2.0.1
Wi-Fi and 3G Support
- Certain FSC2 models now support Wi-Fi and 3G. For more information, see Firewall Secure Connectors .
DHCP Relay Support
- All FSC2 models now support DHCP relaying in combination with a CloudGen Firewall Control Center version 7.2.1 or higher.
- Firewall Secure Connector configuration files are now accepted as <name>.conf files. sca.conf is no longer required. Please note that after successful activation all configuration files are removed from the mass-storage device on the FSC unit.
- Several stability and performance improvements.
What´s New in FSC Version 1.1.0
The Secure Connector running firmware 1.1.0 or higher can now run a single LXC container. The container is distributed and installed via the firmware update page on the Control Center.
For more information, see FSC Container.
Network Mapping Support
It is now possible separate data and management networks for the FSC. It is also possible to map the network behind the FSC to an automatically or manually mapped FSC data network. This allows you to use identical network configurations for each FSC, while still retaining a unique subnet for each location.
For more information, see How to Add a Secure Connector Configuration.
Improvements Included in FSC Version 1.1.0
- Updated hostapd to resolve WAP2 security issue aka KRACK. BNNGF-49852
- Updated PHP to fix several security vulnerabilities. BNNGF-45093
Improvements included in Secure Connector Firmware 1.0.5
Entering PIN codes for the UMTS modem now works as expected. (BNNGF-43118)
- After switching from syslog streaming to logging to the filesystem the syslog service must be restarted manually or the FSC rebooted.
Improvements included in Secure Connector 1 Firmware 1.0.3
- Log rotation now works as expected. (BNNGF-39656)
- SC system level services, such as syslogd, can now access the Control Center via the VPN tunnel. (BNNGF-37734)
- It is now possible to view kernel log messages via the serial console. (BNNGF-39664)
- Default route metrics for link selection are now set correctly. (BNNGF-40504)
- Link selection using the Wi-Fi interface as a WAN device now works as expected. (BNNGF-40562)
- You are now automatically logged out of the serial console after the idle timeout. (BNNGF-40624)
- Multiple stability improvements for the FSC operating system. (BNNGF-40559)
Improvements included in Secure Connector 1 Firmware 1.0.2
- Changes to SSH key management. New SSH keys are generated during the update.
- Stability and memory management improvements.
- The hardware reset button now works as expected.
- It is no longer required to reboot the SC to activate the UMTS modem configuration.
- Updated OpenSSL to fix several security vulnerabilities.
- Establishing a VPN connection no longer causes the WAN LED to be temporarily turned off.
- After resetting the SC with the hardware reset button, a dummy change and new export of the sca.conf from the Control Center is required for the SC to apply the sca.conf.
Improvements included in Secure Connector 1 Firmware 1.0.1
Firmware version 1.0.1 is a maintenance release and includes the following improvements:
- Added support for 3G/UMTS modem (M11).
- Added support for automatic uplink failover.