What's New in Version 7.0.4
NextGen Firewall firmware 7.0.4 is a maintenance release. No new features were added.
Improvements Included in Version 7.0.4
Barracuda NextGen Admin
- In the access rule editor, when using network objects for the destination, the Create Proxy ARP checkbox is available only for single IPv4 addresses. [BNNGF-37764]
- It is now possible to enter a hostname as the Remote Gateway in the IKEv2 IPsec VPN tunnel configuration. [BNNGF-41471]
- The reverse proxy now delivers root certificates only once per request. [BNNGF-46029]
- All available and uploaded update files are now displayed in the Download Portal and Files on Control Center sections of the Firmware Update page on the Control Center. [BNNGF-46467]
- The firewall dashboard now correctly displays content older than 7 days. [BNNGF-46908]
- IPv6 addresses are now shown correctly in the GTI Editor. [BNNGF-47295]
- When connecting to a NextGen Firewall with an old version of NextGen Admin, a warning is displayed. [BNNGF-47333]
- NextGen Admin now supports virtual DPI scaling for high resolution displays. [BNNGF-48005]
- ICMP policies are now copied together with a related access rule. [BNNGF-48046]
- In case a redirection target list reference is selected in a firewall rule, the fallback and cycle combo element is disabled. [BNNGF-48185]
- GTI configurations for IPsec tunnels now work as expected. [BNNGF-48342]
- Uploading a local package to the Control Center firmware update UI no longer causes timeouts. [BNNGF-48552]
- Adding entries for DNS zones now works as expected. [BNNGF-48703]
- When downloading terms of service during an activation with the wizard, the proxy settings are now used as expected. [BNNGF-49151]
- License tokens are now case insensitive. [BNNGF-49166]
- Up/Lifetime information for VPN tunnels is now displayed correctly. [BNNGF-49261]
- The entry Toggle Trace in the pop-up menu of the Firewall Live View is no longer available. [BNNGF-49574]
- Firewall stability improvements. [BNNGF-49639]
- QoS configuration is only available for IPv4. [BNNGF-50067]
- Firewall Monitor in NextGen Admin now correctly evaluates time information. [BNNGF-50449]
- Copying serial numbers to the clipboard now works as expected in the Control Center activation tab. [BNNGF-50512]
- Peer and local addresses are now displayed correctly in the NextGen Admin VPN status pages. [BNNGF-50699]
- Display of firewall users in grouped view is no longer rendered unreadable with long group text. [BNNGF-50826]
Barracuda OS
- Events for expiring Energize Updates licenses are now created as expected. [BNNGF-41720]
- Performance improvements for VPN tunnels on Ethernet Bundles (bond) interfaces running on NextGen Firewall hardware models using the igb driver. [BNNGF-42808]
- Configuration changes via NextGen Admin no longer cause user authentication session information to be reset on the firewall. [BNNGF-44891]
- Web Security Gateway authentication scheme now works as expected. [BNNGF-45113]
- Configuration of the TS Agent now supports Group Filter Patterns and works similarly to existing configuration options for DC Agent. [BNNGF-45438]
- Adding new PTR entries to the forward lookup zone now works as expected if both the forward and reverse lookup zones are locked before the change. [BNNGF-46055]
- F800 Rev. B models with module M801 no longer experience port flapping with higher load. [BNNGF-46304]
- DSL connections using the internal Barracuda DSL modem can now be started and stopped on the CONTROL > Box page in the Dynamic Networks section of the left menu. [BNNGF-47819]
- DSL now works as expected after an import of a PAR file. [BNNGF-47907]
- VLAN references are no longer displayed after the deletion of the VLAN. [BNNGF-48054]
- DSL WAN connections using DHCP to receive the IP address from the ISP now work as expected. [BNNGF-48064]
- Firewall stability improvements. [BNNGF-48225]
- The firewall no longer drops packets that are larger than the MTU. [BNNGF-48521]
- Soft Activation no longer causes a network interruption. [BNNGF-48862]
- Interface names are now mapped correctly from the Defaults file for port names. [BNNGF-49478]
- Auto-created source-based routing now works as expected. [BNNGF-49726]
- The security issue related to the WPA2 vulnerability (KRACK attack) has been resolved. [BNNGF-49766]
- TCPDump no longer disables a bundled interface in promiscuous mode. [BNNGF-49793]
- The threshold for lower fan speeds has been adjusted to accept cooler ambient temperatures. [BNNGF-49795]
- Initial NTP synchronization now works as expected. [BNNGF-49860]
- IPsec now triggers event ID 3000 as expected. [BNNGF-50824]
- HA takeover now works in acceptable times as expected. [BNNGF-50887]
Control Center
- Control Center license updates for managed firewalls no longer fail due to a failed lock on the license configuration node. [BNNGF-40233]
- Status colors in the Control Center status map are displayed correctly if an AV license is still valid and less than 90 days. [BNNGF-45530]
- If the serial gets changed on a virtual firewall, the activation daemon now downloads new licenses. [BNNGF-47608]
- SCA setups are no longer broken after an upgrade of a Control Center. [BNNGF-48187]
- The NextGen Firewall now creates correct events on boxes when external admins authenticate without a password on the Control Center. [BNNGF-48738]
- In rare cases, the Control Center Configuration Service ran out of resources. This issue has been resolved. [BNNGF-49488]
Firewall
- Application Rules and URL categories now match correctly. [BNNGF-24209]
- The Root DNS network object now contains the current DNS root servers. [BNNGF-38070]
- Global firewall objects are now immediately activated by the firewall engine after a configuration on the Control Center. [BNNGF-38201]
- Application Provider Selection improvements for applications using SNI in the TLS 1.2 handshake. [BNNGF-45975]
- SSL Interception now correctly handles connections where the MTU/MSS size is smaller than the default. [BNNGF-48135]
- FTP and SIP plugins no longer cause a system crash. [BNNGF-48540]
- The trans7 process no longer produces a segmentation fault in certain situations. [BNNGF-49135]
- FTP sessions are now handled correctly and no longer cause different errors. [BNNGF-49507]
SSL / VPN
- Favorites/attributes are no longer lost during backup and restore. [BNNGS-199]
- Characters encoded in UTF-8 are now handled correctly in text attributes. [BNNGS-435]
VPN
- VPN routing in combination with BGP, TINA, and IPsec using main routing tables now works as expected. [BNNGF-49698]
- Certificate-based authentication for site-to-site IPsec with multiple altSubjectNames now works as expected. [BNNGF-50418]
- Establishing an IKEv1 site-to-site VPN tunnel in aggressive mode now works as expected. [BNNGF-50597]
Current Known Issues
- Nov 2017: URL Filter – URL Filtering currently does not work with PAYG images.
- Nov 2017: VLANs – Transferring data over configured VLAN interfaces of a NextGen Firewall F180 or F280b can fail even if the MTU size is changed. [BNNGF-46289]
- Feb 2017: NextGen Firewall F10 Rev A – It is currently not possible to install a Barracuda NextGen Firewall F10 Rev A via F-Series Install. Install 6.2.2 and upgrade to 7.0.4 instead. [BNNGF-43579]
- Oct 2016: Application Based Routing – Streaming web applications such as WebEx, GoToMeeting, or BitTorrent always use the default connection configured in the application-based provider selection object. [BNNGF-42261]
- Sept 2016: IPsec IKEv1 IPv6 – It is not possible to use hostnames as the remote gateway.
- Sept 2016: IPsec IKEv1 IPv6 – It is not possible to use a dynamic local gateway.
- Sept 2016: TINA IPv6 – It is not possible to use proxies for TINA VPN tunnels using IPv6.
- Sept 2016: OSPF – Enabling OSPF through the Run OSPF Router setting currently has no effect on freshly installed 7.0.0 firewalls. Enable OSPF by entering a dummy IP address in the Summary Range IP/ Mask list of the OSPF Area Setup.
- Sept 2016: VMware – Network interfaces using the VMXNET3 driver do not send IPsec keepalive packets unless TX checksumming is disabled for the interface (ethtool -K INTERFACE tx off). [BNNGF-38823]
- Sept 2016: URL Filter – Firewalls running 6.2.0 or higher that are managed by a Control Center using firmware 6.0.X or 6.1.X must complete a dummy change in the security policy whenever enabling/disabling the URL Filter in the General Firewall Settings.
- Sept 2016: Azure – After updating a firewall using Azure UDR via Azure Service Manager, the Deployment Type might be displayed incorrectly as y. This does not affect updating Azure UDR routes.
- Sept 2016: IKEv1 IPsec – When using 0.0.0.0 as a local IKE gateway, you must enable Use IPsec Dynamic IPs and restart the VPN service before a listener on 0.0.0.0 is created.
- Sept 2016: HTTP Proxy – Custom block pages do not work for the HTTP Proxy when running on the same NextGen F-Series Firewall as the Firewall service. This issue does not occur when running the HTTP Proxy service on a second NextGen F-Series Firewall behind the NextGen F-Series Firewall running the Firewall service.
- Sept 2016: Terminal Server Agent – It is not currently possible to assign connections to Windows network shares to the actual user.
- Mar 2016: SSH – There is no sshd listener for IPv6 management IP addresses. [BNNGF-37403]
- Feb 2016: Azure Control Center – On first boot, "fatal" log messages may occur because master.conf is missing. These log messages can be ignored. [BNNGF-36537]
- Feb 2015: CC Wizard – The CC Wizard is not currently supported for Control Centers deployed using Barracuda F-Series Install. [BNNGF-28210]
- Nov 2015: IKEv2 – Using pre-shared keys with IKEv2 client-to-site VPNs is not possible. [BNNGF-34874]
- Nov 2014: Barracuda OS – Provider DNS option for DHCP connections created with the box wizard must be enabled manually. [BNNGF-26880]