It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

7.0.4 Release Notes

  • Last updated on

Before installing or upgrading to the new firmware version:

Do not manually reboot your system at any time while the update is in process, unless otherwise instructed by Barracuda Networks Technical Support. Upgrading can take up to 60 minutes. For assistance contact Barracuda Networks Technical Support.


To keep our customers informed, the Known Issues list and the release of hotfixes resolving these known issues are now updated regularly.

  • 2018-01-25 – Firmware version 7.0.4 released.
  • 2018-05-15 – Hotfix 874 - Fixes the security vulnerability CVE-2018-10115 in 7zip
  • Back up your configuration.
  • The following upgrade path applies – 5.2 > 5.4 > 6.0 > 6.1 (optional) > 6.2 (optional) > 7.0.4
  • Before updating, read and complete the migration instructions.  

For more information, see Migrating to 7.0.

As of January 31, 2019, the first-generation ATP cloud services used by default with firmware versions 6.2.x, 7.0.x, 7.1.0, 7.1.1, and 7.2.0 will be discontinued. Firewalls using ATP must switch to the second-generation ATP cloud service, which is known as Barracuda Advanced Threat Protection (BATP).

For more information, see 7.0 Migration Notes.

What´s New in Version 7.0.4

NextGen Firewall firmware 7.0.4 is a maintenance release. No new features were added.

Improvements Included in Version 7.0.4

Barracuda NextGen Admin
  • In the access rule editor, when using network objects for the destination, the Create Proxy ARP checkbox is available only for single IPv4 addresses.     [BNNGF-37764]
  • It is now possible to enter a hostname as the Remote Gateway in the IKEv2 IPsec VPN tunnel configuration.      [BNNGF-41471]
  • The reverse proxy now delivers root certificates only once per request.     [BNNGF-46029]
  • All available and uploaded update files are now displayed in the Download Portal and Files on Control Center sections of the Firmware Update page on the Control Center.      [BNNGF-46467]
  • The firewall dashboard now correctly displays content older that 7 days.     [BNNGF-46908]
  • IPv6 addresses are now shown correctly in the GTI Editor.     [BNNGF-47295]
  • When connecting to a NextGen Firewall with an old version of NextGen Admin, a warning is displayed.     [BNNGF-47333]
  • NextGen Admin now supports virtual DPI scaling for high resolution displays.      [BNNGF-48005]
  • ICMP policies are now copied together with a related access rule.     [BNNGF-48046]
  • In case a redirection target list reference is selected in a firewall rule, the fallback and cycle combo element is disabled.     [BNNGF-48185]
  • GTI configurations for IPsec tunnels now work as expected.     [BNNGF-48342]
  • Uploading a local package to the Control Center firmware update UI no longer causes timeouts.     [BNNGF-48552]
  • Adding entries for DNS zones now works as expected.     [BNNGF-48703]
  • When downloading terms of service during an activation with the wizard, the proxy settings are now used as expected.     [BNNGF-49151]
  • License tokens are now case insensitive.     [BNNGF-49166]
  • Up/Lifetime information for VPN tunnels is now displayed correctly.     [BNNGF-49261]
  • The entry Toggle Trace in the pop-up menu of the Firewall Live View is no longer available.     [BNNGF-49574]
  • Firewall stability improvements.     [BNNGF-49639]
  • QoS configuration is only available for IPv4.     [BNNGF-50067]
  • Firewall Monitor in NextGen Admin now correctly evaluates time information.     [BNNGF-50449]
  • Copying serial numbers to the clipboard now works as expected in the Control Center activation tab.     [BNNGF-50512]
  • Peer and local addresses are now displayed correctly in the NextGen Admin VPN status pages.     [BNNGF-50699]
  • Display of firewall users in grouped view is no longer rendered unreadable with long group text.     [BNNGF-50826]
Barracuda OS
  • Events for expiring Energize Updates licenses are now created as expected.     [BNNGF-41720]
  • Performance improvements for VPN tunnels on Ethernet Bundles (bond) interfaces running on NextGen Firewall hardware models using the igb driver.     [BNNGF-42808]
  • Configuration changes via NextGen Admin no longer cause user authentication session information to be reset on the firewall.      [BNNGF-44891]
  • Web Security Gateway authentication scheme now works as expected.      [BNNGF-45113]
  • Configuration of the TS Agent now supports Group Filter Patterns and works similar to existing configuration options for DC Agent.     [BNNGF-45438]
  • Adding new PTR entries to the forward lookup zone now works as expected if both the forward AND reverse lookup zone is locked before the change.     [BNNGF-46055]
  • F800 Rev. B models with module M801 no longer experience port flapping with higher load.     [BNNGF-46304]
  • DSL connections using the internal Barracuda DSL modem can now be started and stopped on the CONTROL > Box page in the Dynamic Networks section of the left menu.       [BNNGF-47819]
  • DSL now works as expected after an import of a PAR file.     [BNNGF-47907]
  • VLAN references are no longer displayed after the deletion of the VLAN.     [BNNGF-48054]
  • DSL WAN connections using DHCP to receive the IP address from the ISP now work as expected.      [BNNGF-48064]
  • Firewall stability improvements.     [BNNGF-48225]
  • The firewall no longer drops packets that are larger than the MTU.     [BNNGF-48521]
  • Soft Activation no longer causes a network interruption.     [BNNGF-48862]
  • Interface names are now mapped correctly from the Defaults file for port names.     [BNNGF-49478]
  • Auto-created source-based routing now works as expected.     [BNNGF-49726]
  • The security issue to protect against the WPA2 vulnerability (KRACK attack) has been resolved.     [BNNGF-49766]
  • TCPDump no longer disables a bundled interface in promiscuous mode.     [BNNGF-49793]
  • The threshold for lower fan speeds has been adjusted to accept cooler ambient temperatures.     [BNNGF-49795]
  • Initial NTP synchronization now works as expected.     [BNNGF-49860]
  • IPsec now triggers event ID 3000 as expected.     [BNNGF-50824]
  • HA takeover now works in acceptable times as expected.     [BNNGF-50887]
Control Center
  • Control Center license updates for managed firewalls no longer fail due to a failed lock on the license configuration node.      [BNNGF-40233]
  • Status colors in the Control Center status map are displayed correctly if an AV license is still valid and less than 90 days.     [BNNGF-45530]
  • If the serial gets changed on a virtual firewall, the activation daemon now downloads new licenses.     [BNNGF-47608]
  • SCA setups are no longer broken after an upgrade of a Control Center.     [BNNGF-48187]
  • The NextGen Firewall now creates correct events on boxes when external admins authenticate without a password on the Control Center.     [BNNGF-48738]
  • In rare cases the Control Center Configuration Service ran out ouf resources. This issue has been resolved.     [BNNGF-49488]
  • Application Rules and URL categories now match correctly.     [BNNGF-24209]
  • The Root DNS network object now contains the current DNS root servers.      [BNNGF-38070]
  • Global firewall objects are now immediately activated by the firewall engine after a configuration on the Control Center.     [BNNGF-38201]
  • Application Provider Selection improvements for applications using SNI in the TLS 1.2 handshake.      [BNNGF-45975]
  • SSL Interception now correctly handles connections where the MTU/MSS size is smaller than the default.     [BNNGF-48135]
  • FTP and SIP plugins no longer cause a system crash.     [BNNGF-48540]
  • The trans7 process no longer produces a segmentation fault in certain situations.     [BNNGF-49135]
  • FTP sessions are now handled correctly and no longer cause different errors.     [BNNGF-49507]
  • Favorites/attributes are no longer lost during backup and restore.     [BNNGS-199]
  • Characters encoded in UTF-8 are now handled correctly in text attributes.     [BNNGS-435]
  • VPN routing in combination with BGP, TINA, and IPsec using main routing tables now works as expected.     [BNNGF-49698]
  • Certificate-based authentication for site-to-site IPSEC with multiple altSubjectNames now works as expected.     [BNNGF-50418]
  • Establishing an IKEv1 site-to-site VPN tunnel in aggressive mode now works as expected.     [BNNGF-50597]

Current Known Issues

  • Nov 2017: URL Filter – URL Filtering currently does not work with PAYG images.
  • Nov 2017: VLANs – Transferring data over configured VLAN interfaces of a NextGen Firewall F180 or F280b can fail even if the MTU size is changed.    [BNNGF-46289]
  • Feb 2017: NextGen Firewall F10 Rev A – It is currently not possible to install a Barracuda NextGen Firewall F10 Rev A via F-Series Install. Install 6.2.2 and upgrade to 7.0.4 instead.    [BNNGF-43579]
  • Oct 2016: Application Based Routing – Streaming web applications such as WebEx, GoToMeeting, or bit torrent always use the default connection configured in the application-based provider selection object.    [BNNGF-42261]
  • Sept 2016: IPsec IKEv1 IPv6 – It is not possible to use hostnames as the remote gateway.
  • Sept 2016: IPsec IKEv1 IPv6 – It is not possible to use a dynamic local gateway.
  • Sept 2016: TINA IPv6 – It is not possible to use proxies for TINA VPN tunnels using IPv6. 
  • Sept 2016: OSPF – Enabling OSPF through the Run OSPF Router setting currently has no effect on freshly installed 7.0.0 firewalls. Enable OSPF by entering a dummy IP address in the Summary Range IP/ Mask list of the OSPF Area Setup.
  • Sept 2016: VMware – Network interfaces using the VMXNET3 driver do not send IPsec keepalive packets unless TX checksumming is disabled for the interface (ethtool -K INTERFACE tx off).    [BNNGF-38823]
  • Sept 2016: URL Filter – Firewalls running 6.2.0 or higher that are managed by a Control Center using firmware 6.0.X or 6.1.X must complete a dummy change in the security policy whenever enabling/disabling the URL Filter in the General Firewall Settings.
  • Sept 2016: Azure – After updating a firewall using Azure UDR via Azure Service Manager, the Deployment Type might be displayed incorrectly as y. This does not affect updating Azure UDR routes.
  • Sept 2016: IKEv1 IPsec – When using as a local IKE gateway, you must enable Use IPsec Dynamic IPs and restart the VPN service before a listener on is created.
  • Sept 2016: HTTP Proxy – Custom block pages do not work for the HTTP Proxy when running on the same NextGen F-Series Firewall as the Firewall service. This issue does not occur when running the HTTP Proxy service on a second NextGen F-Series Firewall behind the NextGen F-Series Firewall running the Firewall service.
  • Sept 2016: Terminal Server Agent – It is not currently possible to assign connections to Windows network shares to the actual user.
  • Mar 2016:SSH – There is no sshd listener for IPv6 management IP addresses.    [BNNGF-37403]
  • Feb 2016: Azure Control Center – On first boot, "fatal" log messages may occur because master.conf is missing. These log messages can be ignored.    [BNNGF-36537]
  • Feb 2015: CC Wizard – The CC Wizard is not currently supported for Control Centers deployed using Barracuda F-Series Install.    [BNNGF-28210]
  • Nov 2015: IKEv2 – Using pre-shared keys with IKEv2 client-to-site VPNs is not possible.    [BNNGF-34874]
  • Nov 2014: Barracuda OSProvider DNS option for DHCP connections created with the box wizard must be enabled manually.    [BNNGF-26880]