It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

Release Notes

  • Last updated on

Important: Please Read Before Upgrading

Make a backup first. Before installing any firmware version, back up your configuration and read all release notes that apply to versions more recent than the one currently running on your system. 

Do not manually reboot your system at any time during an upgrade, unless otherwise instructed by Barracuda Networks Technical Support. The upgrade process typically takes only a few minutes after the upgrade is applied. If the process takes longer, please contact Technical Support for further assistance.

Firmware Version 15.0

What's New in Version 15.0

Web Interface
Policies
Backup
  • Added support for SMB v2 and v3.
Logs
  • Increased log storage based on model:
    • 250K log storage on the Barracuda Web Security Gateway 310
    • 500K log storage on the Barracuda Web Security Gateway 410
    • 750K log storage on the Barracuda Web Security Gateway 610
    • 1M log storage on the Barracuda Web Security Gateway 810
    • 1.25M log storage on the Barracuda Web Security Gateway  910
    • 1.5M log storage on the Barracuda Web Security Gateway  1010/1011
Miscellaneous
  • Novell e-Directory authentication is no longer supported for the Barracuda Web Security Gateway.
  • The option to download the Barracuda Safe Browser has been removed from the ADVANCED > Remote Filtering page.

Fixed in Version 15.0

  • Fixed issue with latency for some inspected sites that were having reverse DNS lookup issues. [BNYF-15991]
  • NTP synchronization works as expected with default server update01.barracudanetworks.com. [BNYF-15904]
  • The HTTPS Blockpage option works as expected when HTTPS Filtering is enabled on the Barracuda Web Security Gateway 310Vx. [BNYF-13449]

Version 15.0.0.009

  • Added support for new hardware drivers.
  • Improvement  : Policy synchronization with chromebooks. [BNYF-16274, BNYF-16275]
  • Addressed issue related to enabling connection with Barracuda Support. [BNYF-16281]

Version 15.0.0.004

  • Fixed: Twitter section on BLOCK/ACCEPT > Web App Monitoring page is titled correctly. [BNYF-15524]

  • Fixed: Adding a Google Directory Service no longer gives a Google 400 error. [BNYF-16159]

  • CVE-2018-5390 - Linux Kernel TCP implementation vulnerable to Denial of Service.
  • CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 – TCP SACK Panic vulnerabilities.

Firmware Version 14.1

KNOWN ISSUE
  • When connecting to the Barracuda Reporting Server and the join is successful, the error message  "Error: Network connection failed. System will automatically reconnect to the Barracuda Reporting Server when network becomes available." is displayed in the web interface. [BNYF-14761]. After reloading the ADVANCED > Log/Report Settings page, it shows "Barracuda Reporting Server connection established."
  • When the Barracuda Web Security Gateway is upgraded to version 14.1.0, you must also upgrade the Barracuda Reporting Server to version 1.0.3 or higher. With these versions, the Barracuda Reporting Server Serial is required on the ADVANCED > Log/Report Settings page.

What's New in Version 14.1 

  • Enable HTTPS Blockpage – Ability to configure whether or not to serve the user a block page when HTTPS access is denied. Configure on the BLOCK/ACCEPT > Configuration page.
  • Added Throughput and Active Users graphs on the BASIC > Dashboard page.    
  • Upload WPAD/PAC  – Ability to upload a WPAD or PAC file instead of setting the client browser proxy to the Barracuda Web Security Gateway IP address on port 3128. The WPAD or PAC file specifies a URL to use for the proxy. Configure on the ADVANCED > Proxy page.     
Web Interface
  • Drop-down Help button control on some web interface pages, providing links to relevant Barracuda Campus articles for additional information about features configured on those pages.  
  • Added ADVANCED > Log/Report Settings page for configuring:
    • Reports From Address – The email address from which the Barracuda Web Security Gateway emails reports.
    • Enable Referer Tracking in Reports – To simplify report results, browse sessions are grouped by referer. Note that if this feature is enabled, both the referer domain and the referer category will be captured in the syslog.
    • Hide Existing Categories When Excluding Parent Custom Category – Setting to Yes hides any categories that have been added to a custom category from report data if you exclude that custom category from the report.
    • Session Timeout in Reports – For better accuracy in reporting on session time for browsing, sessions with no active traffic after the number minutes specified will be considered to be 'ended' by the Barracuda Web Security Gateway.
    • Report Retention Days – Indicates the number of days, up to 6 months, for which you the Barracuda Web Security Gateway should store reporting data.
    • Show Full URL in Logs – Provides option for the Barracuda Web Security Gateway to capture the query string portion of URLs in the Web Log.
    • Enable Privacy Option – When enabled, this option prevents user names from appearing in the traffic log or any reports.
    • Anonymize NTLM User – Provides option to log NTLM users as anonymous.
    • Barracuda Reporting Server  – Option to connect to and use the Barracuda Reporting Server.
  • Added ADVANCED > Configuration page with options to:
    • Enable Spyware Protocol Filter – Provides option to either allow or not allow the Barracuda Web Security Gateway to scan non-HTTP ports for spyware activity.
    • Exempted Ports – The ports you enter here are exempted from being examined by the Spyware Protocol scanning module.
    • Enable WCS Support – For content filtering, provides the option for the Barracuda Web Security Gateway to fetch the top 2 million domains and respective categories from the Barracuda Web Categorization Service in a one-time download, and the Category Definition Updates are set to Off. Categories for domains not in the top 2 million are fetched as needed. Disabling this feature means the local web categorization database on the Barracuda Web Security Gateway is used, with the Category Definition Updates running automatically as needed. For best system performance on lower Barracuda Web Security Gateway models, Barracuda recommends enabling this feature.
    • Feature Code – Enables entry of specific feature activation codes provided by Barracuda Networks Support if needed. 
    • Pass Client IP addresses through WAN port – Provides option to specify whether the Barracuda Web Security Gateway is to expose or hide client IP addresses in egress HTTP traffic.
    • Option to configure offline firmware updates if needed.  
SSL Inspection
  •  New ability to add Certificate Authority (CA) certificates to the Barracuda ca-bundle.trust.crt by uploading the SSL Certificate on the ADVANCED > SSL Inspection page.
Advanced Threat Protection (ATP)
  • The ATP service now gives a 60 day warning on the BASIC > Dashboard page before the associated license expires.

Fixed in Version 14.1

  • Group-based exceptions no longer fail if the LDAP group name format is  groupname@domainname.com . [BNYF-15159]          

  • Fixed issue with some HTTPS sites failing to load when using the IE browser with QAT SSL hardware enabled. [BNYF-15253] 

Version 14.1.0.021

  • Added support for new hardware drivers.

Version 14.1.0.016

  • Support for minor changes in the hardware.

Version 14.1.0.014

  • The Application Blocks report in CSV format displays Application Name as expected. [BNYF-15789] 
  • Exceptions applied to nested Groups work as expected when using NTLM authentication. [BNYF-15814]
  • In Users By Requests report, the LDAP Alias Name displays as expected in CSV format output.  [BNYF-15791] 
  • When the HTTPS Filtering and HTTPS Blockpage features are enabled on the model 310 running 14.1.0 firmware, and SSL Inspection is disabled, a block page is presented for blocked HTTPS websites as expected. [BNYF-15793]
  • NTLM Group exceptions based on Nested Group names with mixed case letters do not fail in versions 14.0.0 and 14.1.0.012. [BNYF-15814]
  • Fixed: Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479. [BNYF-15819] 

Version 14.1.0.012

  • When Barracuda Web Security Gateway systems are clustered, or when the cluster Mode of a system in a cluster is changed, Barracuda Web Security Gateway internal processes are cleaned up as expected. [BNYF-15757]

Version 14.1.0.010

  •  Fixed issue with CSV based reports displaying current year for last year’s data. [BNYF-15656]
  •  Timeout time frame for ATP scanning is increased from 10 to 30 seconds for Scan First, then Deliver option. [BNYF-15662]
  • Windows updates work as expected when ATP Scan First, then Deliver option is enabled. [BNYF-15713]

Version 14.1.0.006

  • Fixed issue seen in version 14.1.0.005 where login as admin failed when client machine proxied through the Barracuda Web Security Gateway on Port 3128, and the Send Forwarded-For Header feature on the ADVANCED > Proxy page was disabled. [BNYF-15634] 

  • Fixed issue seen in version 14.1.0.005 where login as admin failed when client machine proxied through the Barracuda Web Security Gateway on Port 3128, and Supported SSL Protocols was set to TLSv1 on the ADVANCED > Secure Administration page, and  Web interface HTTPS/SSL Port was set to 443 on the ADVANCED > Secure Administration page, and Send Forwarded-For Header was set to Yes on the ADVANCED > Proxy page. [BNYF-15620]

Version 14.1.0.005

  • Capitalized letters in domain names no longer cause nested group policies to fail for Kerberos groups. [BNYF-15354] 
  • Fixed issue with users in OUs losing group membership. [BNYF-15443]
  • Fixed issue where new system password was synchronized across clustered systems. [BNYF-15533]

Version 14.1.0.004

  • New reports including Active Users, Active Users Log, Throughput Usage, and Throughput Log.

  • The HTTPS Filtering feature configured on the BLOCK/ACCEPT > Configuration page can be enabled as expected when the Enable Auxiliary Port feature is set to Yes in the consconf.  [ BNYF-15436 ]   

 

 

Last updated on