We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Firewall Secure Connector Release Notes

  • Last updated on

Do not manually reboot your system while the update is running. For assistance, contact Barracuda Networks Technical Support.

FSC 2.0.x firmware supports Firewall Secure Connectors 2.x only. Installation on FSC1 appliances is not possible

FSC 2.0.5 and higher requires a Barracuda Firewall Control Center 7.2.3 + HF898 or higher.

Installing Firewall Secure Connector firmware version 2.0.5 requires migration of the Control Center Secure Connector Editor AFTER updating the Firewall Secure Connectors. This operation cannot be reverted.

  • After migration to SC Release 2.0, the editor only supports Secure Connectors 1.x with firmware versions 1.1.5 and higher.
  • After migration to SC Release 2.0, the editor only supports Secure Connectors 2.x with firmware versions 2.0.5 and higher.

To migrate the editor, lock the editor configuration on your Firewall Control Center and click Migrate SC Release

What´s New in FSC Version 2.0.6

Local Breakout IP Addresses
  • You can now configure up to 10 local breakout IPs in the WAN zone that are accessible from the LAN zone to exclude certain IP addresses from network traffic backhauling. Local breakout IP addresses can be configured to reach the Internet through the WAN or Wi-Fi zone and can be covered by the Link Selection feature.

What´s New in FSC Version

  • Default network routes are now correctly introduced if primary and secondary uplinks with enabled link selection are present. [BNNGF-57713]

What´s New in FSC Version 2.0.5

Additional LAN Modes

It is now possible to choose from three different LAN modes for the Secure Connector.

  • Switch mode - Combines all available LAN ports to a network switch group.
  • 2 Port Mode - Combines LAN2 and LAN3 to a network switch group. LAN1 can be configured individually.
  • 3 Port Mode - All available LAN ports can be configured individually.
Passive Link Probing for Link Selection
  • It is now possible to configure passive link probing as an additional option of the Link Selection feature. Enabling Passive Probing enables probing of the first configured VPN IP address and disables probing of explicit probing targets. Passive Probing does not support UDP Mode of VPN tunnels.
New WAN Probing Options
  • It is now possible to configure additional WAN Probing options via ICMP, DNS, or both.

What´s New in FSC Version 2.0.3

  • It is now possible to perform firmware updates via the web user interface. [BNNGF-53742]
  • Additional advanced DHCP options are now available on CloudGen Control Centers 7.2.2 and higher. [BNNGF-53946]
  • The DHCP Relay agent now starts correctly when the Secure Connector is booting. [BNNGF-54802]
  • The VPN Mode configuration has been removed from the web user interface. [BNNGF-53032]
  • The log viewer of the web user interface now works as expected. [BNNGF-50051]
  • The Wi-Fi client configuration on the web user interface was consolidated with the available settings via Firewall Admin SC Editor to allow IP address assignment only via DHCP. [BNNGF-55001]
  • It is now possible to configure a Control Center so that the LAN IP address of a Secure Connector is reachable via the VPN tunnel. [BNNGF-54024]
  • It is now possible to configure the modem of the Secure Connector via the web user interface. [BNNGF-54781]
  • The MTU of VPN interfaces of the Access Concentrator and the Secure Connector are consolidated to prevent fragmentation of packets. [BNNGF-48839]
  • Secure Connector configuration files can now have a user-defined file name when uploaded to the Secure Connector via USB thumb drives.

What´s New in FSC Version 2.0.1

Wi-Fi and 3G Support
DHCP Relay Support
  • All FSC2 models now support DHCP relaying in combination with a CloudGen Firewall Control Center version 7.2.1 or higher.
Other Improvements
  • Firewall Secure Connector configuration files are now accepted as <name>.conf files. sca.conf is no longer required. Please note that after successful activation all configuration files are removed from the mass-storage device on the FSC unit.
  • Several stability and performance improvements.

What´s New in FSC Version 1.1.0

FSC Containers

The Secure Connector running firmware 1.1.0 or higher can now run a single LXC container. The container is distributed and installed via the firmware update page on the Control Center.

For more information, see FSC Container.

Network Mapping Support

It is now possible separate data and management networks for the FSC. It is also possible to map the network behind the FSC to an automatically or manually mapped FSC data network. This allows you to use identical network configurations for each FSC, while still retaining a unique subnet for each location.

For more information, see How to Add a Secure Connector Configuration.

Improvements Included in FSC Version 1.1.0

  • Updated hostapd to resolve WAP2 security issue aka KRACK.    BNNGF-49852
  • Updated PHP to fix several security vulnerabilities.    BNNGF-45093

Improvements included in Secure Connector Firmware 1.0.5

  • Entering PIN codes for the UMTS modem now works as expected. (BNNGF-43118)

Known Issues
  • After switching from syslog streaming to logging to the filesystem the syslog service must be restarted manually or the FSC rebooted.

Improvements included in Secure Connector 1 Firmware 1.0.3

  • Log rotation now works as expected. (BNNGF-39656)
  • SC system level services, such as syslogd, can now access the Control Center via the VPN tunnel. (BNNGF-37734)
  • It is now possible to view kernel log messages via the serial console. (BNNGF-39664)
  • Default route metrics for link selection are now set correctly. (BNNGF-40504)
  • Link selection using the Wi-Fi interface as a WAN device now works as expected. (BNNGF-40562)
  • You are now automatically logged out of the serial console after the idle timeout. (BNNGF-40624)
  • Multiple stability improvements for the FSC operating system. (BNNGF-40559)

Improvements included in Secure Connector 1 Firmware 1.0.2

  • Changes to SSH key management. New SSH keys are generated during the update.
  • Stability and memory management improvements.
  • The hardware reset button now works as expected.
  • It is no longer required to reboot the SC to activate the UMTS modem configuration.
  • Updated OpenSSL to fix several security vulnerabilities.
  • Establishing a VPN connection no longer causes the WAN LED to be temporarily turned off.
Known issues
  • After resetting the SC with the hardware reset button, a dummy change and new export of the sca.conf from the Control Center is required for the SC to apply the sca.conf.

Improvements included in Secure Connector 1 Firmware 1.0.1

Firmware version 1.0.1 is a maintenance release and includes the following improvements:

  • Added support for 3G/UMTS modem (M11).
  • Added support for automatic uplink failover.
Last updated on