11.1.0 Changelog: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
m (Dmorris moved page 11.1 Changelog to 11.1.0 Changelog over redirect)
No edit summary
Line 18: Line 18:
Wireless cards must support 802.11n to work correctly.  
Wireless cards must support 802.11n to work correctly.  


The channel list in the UI is created from querying the card for it's capabilities. The Intel driver (iwlwifi) only supports 2.4 GHz. Intel 7260 cards have been tested and are known to work. The ath10k driver is included but still being developed. This card supports 802.11ac but this release will not enable it. Only mini-pcie cards have been tested. USB and other cards may work besides the specific ones listed, but have not been tested by Untangle.
The channel list in the UI is created from querying the card for it's capabilities. The Intel driver (iwlwifi) only supports 2.4 GHz.  


= IPsec & Xauth =
= IPsec & Xauth =

Revision as of 21:02, 9 May 2016

Overview

11.1 focuses on several key new features and innovations.

Wireless Support

Wireless support has been added. This allows Untangle to configure wireless cards just like regular network cards in access point mode only.

The following linux wireless drivers are currently supported:

ath9k http://wireless.kernel.org/en/users/Drivers/ath9k
iwlwifi (2.4 GHz only) http://wireless.kernel.org/en/users/Drivers/iwlwifi
ath10k http://linuxwireless.sipsolutions.net/en/users/Drivers/ath10k/

All cards will only allow US frequencies in this release. Cards can only run in access point mode, client mode is not yet supported. Untangle hardware is currently using the ath9k driver with the AR9280 Atheros mini-pcie card.

Wireless cards must support 802.11n to work correctly.

The channel list in the UI is created from querying the card for it's capabilities. The Intel driver (iwlwifi) only supports 2.4 GHz.

IPsec & Xauth

Xauth is a built in protocol support by android and apple devices. Similar to L2TP, it can be used to enforce filtering, protection, and monitoring of remote devices with full tunnel VPN, but does not have many of the complications and problems that are present with L2TP. IPsec also now uses strongswan instead of freeswan internally.

Alerts

Configurable alerts have been added. In reports there is now an "Alert Rules" tab where the user can define what alerts are sent and an "Alert Event Log" where past alerts can be viewed. Alerts can be configured via rules that are evaluated on all other events within the system. If an alert rule matches another event that occurs it can log a special event and optionally send an email to administrators. The setup wizard now asks for an email for the admin account which will receive some alerts that are enabled by default (low disk space, etc).

Linux & SSH

The "terminal" password is now the same as the admin password. On new installations, whenever the admin password is set, the terminal password will be set to the same thing. It no longer requires local access. For upgrades, the terminal password will remain unchanged, but it can be set by changing the admin password. The default partition is now ext4 on new installations.

New Intrusion Prevention beta

We are working on a new Intrusion Prevention app based on the actual snort engine instead of just the snort rules. We believe this will offer better performance and protection, but it works a bit differently. The new Intrusion Prevention will be installed as a service in the service part of the rack and will scan all non-bypassed traffic going through Untangle and to Untangle. It will update rules automatically and has a wizard to help the user configure the ruleset.

The new Intrusion Prevention beta is not visible by default, more information coming soon.

Other

  • VRRP status added (#12004)
  • Many UI improvements to networking to make loading settings faster.
  • Faster application of network settings changes (#12053)
  • Improve session viewer performance (#12054)
  • Added NAT setting for LAN traffic in OpenVPN.
  • Add greylist block to event log in Spam Blocker and Spam Blocker Lite.
  • Tons of other enhancements and minor bugfixes.