Important: Please Read Before Upgrading
Make a backup first. Before installing any firmware version, back up your configuration and read all release notes that apply to versions more recent than the one currently running on your system.
Do not manually reboot your system at any time during an upgrade, unless otherwise instructed by Barracuda Networks Technical Support. The upgrade process typically takes only a few minutes after the upgrade is applied. If the process takes longer, please contact Technical Support for further assistance.
Firmware Version 15.0
What's New in Version 15.0
- Barracuda Content Shield (BCS) Integration – The Barracuda Web Security Gateway can be configured to use the BCS Cloud Web Filtering Service to create and manage web filtering policies in the cloud with the easy-to-use BCS web interface. See Using Barracuda Content Shield With the Barracuda Web Security Gateway.
- Support for Web Categorization Service (WCS) version 3.0. See Web Use Categories 3.0 and Web Categorization Upgrade for Barracuda Web Security Gateway 15.0 and Above.
- Added support for SMB v2 and v3.
- Increased log storage based on model:
- 250K log storage on the Barracuda Web Security Gateway 310
- 500K log storage on the Barracuda Web Security Gateway 410
- 750K log storage on the Barracuda Web Security Gateway 610
- 1M log storage on the Barracuda Web Security Gateway 810
- 1.25M log storage on the Barracuda Web Security Gateway 910
- 1.5M log storage on the Barracuda Web Security Gateway 1010/1011
- Novell e-Directory authentication is no longer supported for the Barracuda Web Security Gateway.
- The option to download the Barracuda Safe Browser has been removed from the ADVANCED > Remote Filtering page.
Fixed in Version 15.0
- NTP synchronization works as expected with default server update01.barracudanetworks.com. [BNYF-15904]
- The HTTPS Blockpage option works as expected when HTTPS Filtering is enabled on the Barracuda Web Security Gateway 310Vx. [BNYF-13449]
- Added support for new hardware drivers.
- Improvement : Policy synchronization with chromebooks. [BNYF-16274, BNYF-16275]
- Addressed issue related to enabling connection with Barracuda Support. [BNYF-16281]
Fixed: Adding a Google Directory Service no longer gives a Google 400 error. [BNYF-16159]
- CVE-2018-5390 - Linux Kernel TCP implementation vulnerable to Denial of Service.
- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 – TCP SACK Panic vulnerabilities.
Firmware Version 14.1
What's New in Version 14.1
- Enable HTTPS Blockpage – Ability to configure whether or not to serve the user a block page when HTTPS access is denied. Configure on the BLOCK/ACCEPT > Configuration page.
- Added Throughput and Active Users graphs on the BASIC > Dashboard page.
- Upload WPAD/PAC – Ability to upload a WPAD or PAC file instead of setting the client browser proxy to the Barracuda Web Security Gateway IP address on port 3128. The WPAD or PAC file specifies a URL to use for the proxy. Configure on the ADVANCED > Proxy page.
- Drop-down Help button control on some web interface pages, providing links to relevant Barracuda Campus articles for additional information about features configured on those pages.
- Added ADVANCED > Log/Report Settings page for configuring:
- Reports From Address – The email address from which the Barracuda Web Security Gateway emails reports.
- Enable Referer Tracking in Reports – To simplify report results, browse sessions are grouped by referer. Note that if this feature is enabled, both the referer domain and the referer category will be captured in the syslog.
- Hide Existing Categories When Excluding Parent Custom Category – Setting to Yes hides any categories that have been added to a custom category from report data if you exclude that custom category from the report.
- Session Timeout in Reports – For better accuracy in reporting on session time for browsing, sessions with no active traffic after the number minutes specified will be considered to be 'ended' by the Barracuda Web Security Gateway.
- Report Retention Days – Indicates the number of days, up to 6 months, for which you the Barracuda Web Security Gateway should store reporting data.
- Show Full URL in Logs – Provides option for the Barracuda Web Security Gateway to capture the query string portion of URLs in the Web Log.
- Enable Privacy Option – When enabled, this option prevents user names from appearing in the traffic log or any reports.
- Anonymize NTLM User – Provides option to log NTLM users as anonymous.
- Barracuda Reporting Server – Option to connect to and use the Barracuda Reporting Server.
- Added ADVANCED > Configuration page with options to:
- Enable Spyware Protocol Filter – Provides option to either allow or not allow the Barracuda Web Security Gateway to scan non-HTTP ports for spyware activity.
- Exempted Ports – The ports you enter here are exempted from being examined by the Spyware Protocol scanning module.
- Enable WCS Support – For content filtering, provides the option for the Barracuda Web Security Gateway to fetch the top 2 million domains and respective categories from the Barracuda Web Categorization Service in a one-time download, and the Category Definition Updates are set to Off. Categories for domains not in the top 2 million are fetched as needed. Disabling this feature means the local web categorization database on the Barracuda Web Security Gateway is used, with the Category Definition Updates running automatically as needed. For best system performance on lower Barracuda Web Security Gateway models, Barracuda recommends enabling this feature.
- Feature Code – Enables entry of specific feature activation codes provided by Barracuda Networks Support if needed.
- Pass Client IP addresses through WAN port – Provides option to specify whether the Barracuda Web Security Gateway is to expose or hide client IP addresses in egress HTTP traffic.
- Option to configure offline firmware updates if needed.
- New ability to add Certificate Authority (CA) certificates to the Barracuda
ca-bundle.trust.crtby uploading the SSL Certificate on the ADVANCED > SSL Inspection page.
Advanced Threat Protection (ATP)
- The ATP service now gives a 60 day warning on the BASIC > Dashboard page before the associated license expires.
Group-based exceptions no longer fail if the LDAP group name format is
- Fixed issue with some HTTPS sites failing to load when using the IE browser with QAT SSL hardware enabled. [BNYF-15253]
- Added support for new hardware drivers.
- Support for minor changes in the hardware.
- The Application Blocks report in CSV format displays Application Name as expected. [BNYF-15789]
- Exceptions applied to nested Groups work as expected when using NTLM authentication. [BNYF-15814]
- In Users By Requests report, the LDAP Alias Name displays as expected in CSV format output. ] [BNYF-15791
- When the HTTPS Filtering and HTTPS Blockpage features are enabled on the model 310 running 14.1.0 firmware, and SSL Inspection is disabled, a block page is presented for blocked HTTPS websites as expected. [BNYF-15793]
- NTLM Group exceptions based on Nested Group names with mixed case letters do not fail in versions 14.0.0 and 14.1.0.012. [BNYF-15814]
Fixed: Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479. [BNYF-15819]
- When Barracuda Web Security Gateway systems are clustered, or when the cluster Mode of a system in a cluster is changed, Barracuda Web Security Gateway internal processes are cleaned up as expected. [BNYF-15757]
- Fixed issue with CSV based reports displaying current year for last year’s data. [BNYF-15656]
Windows updates work as expected when ATPis enabled. [BNYF-15713]
Fixed issue seen in version 14.1.0.005 where login as admin failed when client machine proxied through the Barracuda Web Security Gateway on Port 3128, and the Send Forwarded-For Header feature on the ADVANCED > Proxy page was disabled. [BNYF-15634]
- Capitalized letters in domain names no longer cause nested group policies to fail for Kerberos groups. [BNYF-15354]
- Fixed issue with users in OUs losing group membership. [BNYF-15443]
- Fixed issue where new system password was synchronized across clustered systems. [BNYF-15533]
New reports including Active Users, Active Users Log, Throughput Usage, and Throughput Log.
The HTTPS Filtering feature configured on the BLOCK/ACCEPT > Configuration page can be enabled as expected when the Enable Auxiliary Port feature is set to Yes in the consconf. [ BNYF-15436 ]