11.1.0 Changelog: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
 
(One intermediate revision by one other user not shown)
Line 14: Line 14:


All cards will only allow US frequencies in this release. Cards can only run in access point mode, client mode is not yet supported.  
All cards will only allow US frequencies in this release. Cards can only run in access point mode, client mode is not yet supported.  
Untangle hardware is currently using the ath9k driver with the AR9280 and AR94xx Atheros mini-pcie card.  
Untangle hardware is currently using the ath9k driver with the AR9280 and AR93xx Atheros mini-pcie card.  


Wireless cards must support 802.11n to work correctly.  
Wireless cards must support 802.11n to work correctly.  
Line 22: Line 22:
= IPsec & Xauth =
= IPsec & Xauth =


Xauth is a built in protocol support by android and apple devices. Similar to L2TP, it can be used to enforce filtering, protection, and monitoring of remote devices with full tunnel VPN, but does not have many of the complications and problems that are present with L2TP.
Xauth is a built in protocol supported by android and apple devices. Similar to L2TP, it can be used to enforce filtering, protection, and monitoring of remote devices with full tunnel VPN, but does not have many of the complications and problems that are present with L2TP.
IPsec also now uses strongswan instead of freeswan internally.
IPsec also now uses strongswan instead of freeswan internally.



Latest revision as of 23:36, 11 November 2019

Overview

11.1 focuses on several key new features and innovations.

Wireless Support

Wireless support has been added. This allows Untangle to configure wireless cards just like regular network cards in access point mode only.

Wireless cards that use the following linux wireless drivers are the most likely to function:

ath9k http://wireless.kernel.org/en/users/Drivers/ath9k
iwlwifi (2.4 GHz only) http://wireless.kernel.org/en/users/Drivers/iwlwifi
ath10k http://linuxwireless.sipsolutions.net/en/users/Drivers/ath10k/

All cards will only allow US frequencies in this release. Cards can only run in access point mode, client mode is not yet supported. Untangle hardware is currently using the ath9k driver with the AR9280 and AR93xx Atheros mini-pcie card.

Wireless cards must support 802.11n to work correctly.

The channel list in the UI is created from querying the card for it's capabilities. The Intel driver (iwlwifi) only supports 2.4 GHz.

IPsec & Xauth

Xauth is a built in protocol supported by android and apple devices. Similar to L2TP, it can be used to enforce filtering, protection, and monitoring of remote devices with full tunnel VPN, but does not have many of the complications and problems that are present with L2TP. IPsec also now uses strongswan instead of freeswan internally.

Alerts

Configurable alerts have been added. In reports there is now an "Alert Rules" tab where the user can define what alerts are sent and an "Alert Event Log" where past alerts can be viewed. Alerts can be configured via rules that are evaluated on all other events within the system. If an alert rule matches another event that occurs it can log a special event and optionally send an email to administrators. The setup wizard now asks for an email for the admin account which will receive some alerts that are enabled by default (low disk space, etc).

Linux & SSH

The "terminal" password is now the same as the admin password. On new installations, whenever the admin password is set, the terminal password will be set to the same thing. It no longer requires local access. For upgrades, the terminal password will remain unchanged, but it can be set by changing the admin password. The default partition is now ext4 on new installations.

New Intrusion Prevention beta

We are working on a new Intrusion Prevention app based on the actual snort engine instead of just the snort rules. We believe this will offer better performance and protection, but it works a bit differently. The new Intrusion Prevention will be installed as a service in the service part of the rack and will scan all non-bypassed traffic going through Untangle and to Untangle. It will update rules automatically and has a wizard to help the user configure the ruleset.

The new Intrusion Prevention beta is not visible by default, more information coming soon.

Other

  • VRRP status added (#12004)
  • Many UI improvements to networking to make loading settings faster.
  • Faster application of network settings changes (#12053)
  • Improve session viewer performance (#12054)
  • Added NAT setting for LAN traffic in OpenVPN.
  • Add greylist block to event log in Spam Blocker and Spam Blocker Lite.
  • Tons of other enhancements and minor bugfixes.