https://wiki.edge.arista.com/api.php?action=feedcontributions&user=Bcarmichael&feedformat=atomEdge Threat Management Wiki - Arista - User contributions [en]2024-03-28T16:04:28ZUser contributionsMediaWiki 1.41.0https://wiki.edge.arista.com/index.php?title=NG_Firewall_Changelogs&diff=28654NG Firewall Changelogs2024-02-22T20:22:04Z<p>Bcarmichael: /* Major Releases */</p>
<hr />
<div>The sections below detail notable changes made to the NG Firewall software in each revision.<br />
<br />
= Major Releases =<br />
* [[17.1 Changelog]]<br />
* [[17.0 Changelog]]<br />
* [[16.6 Changelog]]<br />
* [[16.5 Changelog]]<br />
* [[16.4 Changelog]]<br />
* [[16.3 Changelog]]<br />
* [[16.2 Changelog]]<br />
* [[16.1 Changelog]]<br />
* [[16.0 Changelog]]<br />
* [[15.1 Changelog]]<br />
* [[15.0.0 Changelog]]<br />
* [[14.2.2 Changelog]]<br />
* [[14.2.1 Changelog]]<br />
* [[14.2.0 Changelog]]<br />
* [[14.1.2 Changelog]]<br />
* [[14.1.1 Changelog]]<br />
* [[14.1.0 Changelog]]<br />
* [[14.0.1 Changelog]]<br />
* [[14.0.0 Changelog]]<br />
* [[13.2.1 Changelog]]<br />
* [[13.2.0 Changelog]]<br />
* [[13.1.1 Changelog]]<br />
* [[13.1.0 Changelog]]<br />
* [[13.0.0 Changelog]]<br />
<br />
= Date Changes =<br />
<br />
Minor builds are newly released updates or builds without a change in the overall MAJOR.MINOR version number. The date changelog shows all changes by date.<br />
<br />
[[Date Changelog]]<br />
<br />
= Active Directory Monitor =<br />
<br />
The Active Directory Monitor software installs on the Active Directory server and is released independently of other products.<br />
<br />
[[Active Directory Monitor Changelog]]<br />
<br />
<!-- hiding as this is very old content<br />
<br />
= Old NGFW Changelogs =<br />
<br />
* [[12.2.1 Changelog]]<br />
* [[12.2.0 Changelog]]<br />
* [[12.1.2 Changelog]]<br />
* [[12.1.1 Changelog]]<br />
* [[12.1.0 Changelog]]<br />
* [[12.0.1 Changelog]]<br />
* [[12.0.0 Changelog]]<br />
* [[11.2.1 Changelog]]<br />
* [[11.2.0 Changelog]]<br />
* [[11.1.0 Changelog]]<br />
* [[11.0.1 Changelog]]<br />
* [[11.0.0 Changelog]]<br />
* [[10.2.1 Changelog]]<br />
* [[10.2.0 Changelog]]<br />
* [[10.1.0 Changelog]]<br />
* [[10.0.0 Changelog]]<br />
* [[9.4.2 Changelog]]<br />
* [[9.4.1 Changelog]]<br />
* [[9.4.0 Changelog]]<br />
* [[9.3.2 Changelog]]<br />
* [[9.3.1 Changelog]]<br />
* [[9.3.0 Changelog]]<br />
* [[9.2.1 Changelog]]<br />
* [[9.2.0 Changelog]]<br />
* [[9.1.1 Changelog]]<br />
* [[9.1.0 Changelog]]<br />
* [[9.0.2 Changelog]]<br />
* [[9.0.1 Changelog]]<br />
* [[9.0.0 Changelog]]<br />
<br />
--></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=17.1_Changelog&diff=2865317.1 Changelog2024-02-22T20:21:37Z<p>Bcarmichael: Created page with "= 17.1 = Version 17.1 includes the following enhancements and bug fixes: NGFW 17.1 Release Notes * Updated GeoIP database * Updated default IPS signatures database * Update..."</p>
<hr />
<div>= 17.1 =<br />
<br />
Version 17.1 includes the following enhancements and bug fixes:<br />
<br />
NGFW 17.1 Release Notes<br />
<br />
* Updated GeoIP database<br />
* Updated default IPS signatures database<br />
* Updated Application Control library<br />
* Fixed IPS rules for severity levels required signature update<br />
* Fixed IPS signatures were not updated immediately after app installation<br />
* Fixed Web Filter responses for unknown categories being blocked<br />
* Fixed specific Javascript exceptions caused instability of the main process<br />
* Added options for Energy Efficient Ethernet in the advanced network card properties<br />
* Added Web Filter category for Generative AI<br />
* Applied security fixes for CVE-2023-41993 CVE-2023-41074 CVE-2023-39928 CVE-2023-32359<br />
* Applied security fixes to mitigate SQL injection attempts<br />
* Disabled TLS v1.1<br />
* Increased capacity of URL lookups in Web Filter<br />
* Increased capacity of DHCP leases</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Template:TriScreenshot&diff=28642Template:TriScreenshot2024-02-08T15:47:13Z<p>Bcarmichael: </p>
<hr />
<div>[[Image:1200x800_{{{1}}}_{{{2}}}_{{{3}}}.png|center|thumb|800px|]]</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Template:ServiceAppScreenshot&diff=28641Template:ServiceAppScreenshot2024-02-08T15:46:29Z<p>Bcarmichael: </p>
<hr />
<div>[[Image:1200x800_apps_{{{1}}}_{{{2}}}.png|center|thumb|800px|]]</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:1600x1080_apps.png&diff=28634File:1600x1080 apps.png2024-02-06T16:47:39Z<p>Bcarmichael: Bcarmichael uploaded a new version of File:1600x1080 apps.png</p>
<hr />
<div>Importing file</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:1600x1080_dashboard.png&diff=28633File:1600x1080 dashboard.png2024-02-06T16:45:20Z<p>Bcarmichael: Bcarmichael uploaded a new version of File:1600x1080 dashboard.png</p>
<hr />
<div>Importing file</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Setup_Wizard&diff=28632Setup Wizard2024-02-06T16:43:31Z<p>Bcarmichael: /* Welcome Page */</p>
<hr />
<div>The ''Setup Wizard'' will open automatically when NG Firewall first boots.<br />
If you do not have a keyboard/mouse/video connected to the NG Firewall server, the Setup Wizard can be reached by plugging into a DHCP-configured laptop into the internal interface opening a browser to <nowiki>http://192.168.2.1/</nowiki>.<br />
<br />
Once installed, the setup wizard can be repeated at any time and can be found in the NG Firewall GUI at '''Config > System > Support''' > Setup Wizard.<br />
<br />
=== Welcome Page ===<br />
For versions 16.3 and newer the Setup Wizard begins with a welcome page. Choose to either create an ETM Dashboard account or login with an existing account to get started. Your ETM Dashboard account is free and is necessary to activate a trial or complete license on the device. Your account is also linked to [https://www.untangle.com/cloud/command-center/ ETM Dashboard], enabling you to remotely manage your Arista Edge Threat Management appliances.<br />
<br />
By logging in or creating your ETM Dashboard account, the Add Appliance wizard opens automatically and includes the UID of your appliance. The Add Appliance wizard guides you through the remainder of the setup steps for your new NG Firewall appliance. See [https://support.untangle.com/hc/en-us/articles/115004175567-Adding-Untangle-appliances-to-ETM-Dashboard Adding Appliances to ETM Dashboard] for more details.<br />
<br />
If your NG Firewall device is not connected to the Internet or requires specific configuration to connect, the wizard allows you to Configure the Internet Connection. If you are unable to connect to the Internet, you can continue with the local setup wizard by following these instructions: [[Offline Setup Wizard]]<br />
<br />
The next steps include installing the desired apps and possibly tuning the configuration of your NG Firewall.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=NG_Firewall_Virtual_Appliance_on_VMware&diff=28631NG Firewall Virtual Appliance on VMware2024-01-23T19:19:39Z<p>Bcarmichael: </p>
<hr />
<div>NG Firewall can be virtualized through a [http://en.wikipedia.org/wiki/Virtual_appliance virtual appliance] running on [http://www.vmware.com VMware] ESX or ESXi.<br />
<br />
The virtual appliance can also be used in for demonstrations in VMware player, workstation, fusion, or server, but it is not recommended run a production installation in these environments. Support will help with '''NG Firewall''' configuration but configuration of the virtualization hypervisor is beyond the scope of Edge Threat Management support.<br />
<br />
:* '''Demo virtual appliance''': suitable for installation on a laptop or desktop in order to have a working instance of the platform running inside your Window, OS X, or Linux OS for testing or demonstration purposes. This is supported using VMware Player, Fusion, Server, or Workstation and requires only one physical network interface. Use this mode if you have only one physical network interface in your VMware host machine. <br />
:* '''Production virtual appliance:''' to be used as a network gateway. This mode requires at least two physical network interfaces (three if you want or need an external DMZ). We recommend you use either VMware ESX or ESXi Server. Use this mode if you have two or more physical network interfaces that you can connect to external, internal and (optionally) DMZ networks.<br />
<br />
<br />
== NG Firewall Support and VMware ==<br />
<br />
Arista Edge Threat Management wants you to have a successful deployment. Unfortunately, our support staff doesn't have the expertise in VMware ESX to ensure that we can help you with installing and configuring VMware. We will certainly help you with your NG Firewall configuration, provided it's running on ESX.<br />
<br />
That being said, we'd like to make you aware that systems like NG Firewall that require a lot of real time processing aren't great candidates for virtualization. VMware works by "time-slicing" the physical CPUs in the host system. While the VMware server is off processing other virtual machines, the NG Firewall server is unable to process traffic. At the same time, network traffic continues to arrive. This traffic stacks up and presents itself to the NG Firewall VM as "bursty." This exacerbates any high load issues that may be present. The exact threshold of where it will be unsuitable is hard to say. It is a combination of traffic level, types of traffic, and user expectations.<br />
<br />
'''In summary''': We do not recommend virtualizing NG Firewall. If you choose to install NG Firewall in a virtual environment, the support team will assist you with any issues related to the NG Firewall and its applications, but they will not help with virtualization set up/connectivity issues or issues caused by virtualization (high load, slow speeds, etc).<br />
<br />
== How to install on ESX or ESXi ==<br />
<br />
=== Before we get started ===<br />
<br />
Requirements:<br />
<br />
# VMware ESX server version 6.5.0 Update 3 or newer<br />
# One virtual NIC and vSwitch per NG Firewall Interface<br />
<br />
==== Download the NG Firewall Virtual Machine ====<br />
<br />
* Download the NG Firewall Virtual Appliance:<br />
1. Log into your Edge Threat Management account.<br />
2. Click GET STARTED at the top right-hand corner.<br />
3. Select the latest version and download the ISO file.<br />
<br />
==== Deploy image to ESX server ====<br />
* Once the image is downloaded, open your VMware vSphere Client and login to your server.<br />
[[Image:vmware3.jpg|none|256px|vCenter Login]] <br />
* Once you are logged in, click File -> “Deploy OVF Template…”<br />
[[Image:vmware4.jpg|none|128px|vCenter File->Deploy]] <br />
* In the “Deploy OVF Template” wizard mark “Deploy from file:” And hit “Browse…”<br />
[[Image:vm5.jpg|none|512px|vCenter Deploy Wizard 1]] <br />
* Browse to the location where you saved your image and click "Open".<br />
* Then hit “Next” <br />
[[Image:vm7.jpg|none|512px|vCenter Deploy Wizard 2]] <br />
* Read The Template Details and click “Next”.<br />
[[Image:vm8.jpg|none|512px|vCenter Deploy Wizard 3]] <br />
* In the “Name and Location screen” you may either change the name or leave it at the default. Click “Next”. <br />
[[Image:vm9.jpg|none|512px|vCenter Deploy Wizard 4]] <br />
* In the “Resource Pool screen” If you use Resource Pools, select the appropriate pool for the new NG Firewall VM and click "Next". Note: You can always move the VM to another Resource Pool after it's installed. <br />
[[Image:vm10.jpg|none|512px|vCenter Deploy Wizard 5]] <br />
* In the “Datastore screen” Select what datastore you want use click “Next”.<br />
[[Image:vm11.jpg|none|512px|vCenter Deploy Wizard 6]] <br />
* In the “Ready to Complete” screen, verify that everything looks OK and click “Finish”<br />
[[Image:vm12.jpg|none|512px|vCenter Deploy Wizard 7]] <br />
* Wait for the “Deploying” Progress Meter.<br />
[[Image:vm13.jpg|none|256px|vCenter Deploy Progress Meter]] <br />
* When it is done, Click "Close".<br />
[[Image:vm14.jpg|none|256px|vCenter Deployment Completed]]<br />
==== Verify/Configure Physical NIC to vSwitch mappings ====<br />
* Setup/confirm your vSwitch Settings. Click on the ESX host, then select “Configuration" tab and "Hardware -> Networking” <br />
[[Image:vm19.jpg|none|512px|vCenter Hardware->Networking]]<br />
* It is best practice to place your “Management Network “ is on a own vSwitch. (This is not a Must but if you can make sure that NG Firewall does not exist on the same vSwitch as any Management Interface)<br />
* On the vSwitches that NG Firewall will connect to activate “promiscuous mode” click on “Properties…”<br />
* Ensure that Promiscuous has status “Accept” otherwise hit "Edit" and go to the “Security “ Tab and change “Reject” to “Accept”. You will need to do this on all vSwitches that NG Firewall Virtual Machine connects to!<br />
[[Image:vm21.jpg|none|512px|vCenter vSwitch Properties2]]<br />
==== Configure the Virtual Machine for your Network ====<br />
* Right click on the new Virtual Machine and select “Edit Settings”.<br />
[[Image:vm15.jpg|none|256px|vCenter Edit Settings]]<br />
* You will need to add new virtual NICs and connect them to the appropriate vSwitches. Warning! Two Bridged Interfaces to the same vSwitch will crash your ESX server. Each NG Firewall NIC should be connected to its own vSwitch. Each vSwitch should be connected to it's own Physical NIC, or at least be separated by VLAN tagging at the physical NIC level.<br />
* In this example, you can see that the new NICs are connected to different vSwitches labeled LAN and DMZ. <br />
[[Image:vm17.jpg|none|512px|vCenter VM properties]]<br />
* Under “Options”->“VMware Tools” make sure to check the “Synchronize guest time with host” and click "OK"<br />
[[Image:vm18.jpg|none|512px|vCenter VM properties/tools options]]<br />
==== Celebrate! You're at the end ====<br />
Now you are ready to Power on your NG Firewall VM.<br />
<br />
== More Info and Troubleshooting ==<br />
<br />
For more information on the underlying issues, please see the following:<br />
<br />
* Kernel documentation<br />
* [http://www.vmware.com/support/pubs/ VMware documentation]<br />
* [http://www.microsoft.com/technet/prodtechnol/virtualserver/2005/proddocs/default.mspx?mfr=true Microsoft Virtual Server documentation]<br />
* [http://forums.untangle.com Edge Threat Management Community Support]<br />
* [http://www.untangle.com/live-support Edge Threat Management Live Support]<br />
For information about using your new NG Firewall software, see our [[NG Firewall Server User's Guide]].</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm18.jpg&diff=28630File:Vm18.jpg2024-01-23T19:18:53Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm17.jpg&diff=28629File:Vm17.jpg2024-01-23T19:18:33Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm15.jpg&diff=28628File:Vm15.jpg2024-01-23T19:18:16Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm21.jpg&diff=28627File:Vm21.jpg2024-01-23T19:17:44Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm19.jpg&diff=28626File:Vm19.jpg2024-01-23T19:16:59Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm14.jpg&diff=28625File:Vm14.jpg2024-01-23T19:16:37Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm13.jpg&diff=28624File:Vm13.jpg2024-01-23T19:16:19Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm12.jpg&diff=28623File:Vm12.jpg2024-01-23T19:15:56Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm11.jpg&diff=28622File:Vm11.jpg2024-01-23T19:15:41Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm10.jpg&diff=28621File:Vm10.jpg2024-01-23T19:15:22Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm9.jpg&diff=28620File:Vm9.jpg2024-01-23T19:14:55Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm8.jpg&diff=28619File:Vm8.jpg2024-01-23T19:14:27Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm7.jpg&diff=28618File:Vm7.jpg2024-01-23T19:14:06Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=NG_Firewall_Virtual_Appliance_on_VMware&diff=28617NG Firewall Virtual Appliance on VMware2024-01-23T19:13:49Z<p>Bcarmichael: </p>
<hr />
<div>NG Firewall can be virtualized through a [http://en.wikipedia.org/wiki/Virtual_appliance virtual appliance] running on [http://www.vmware.com VMware] ESX or ESXi.<br />
<br />
The virtual appliance can also be used in for demonstrations in VMware player, workstation, fusion, or server, but it is not recommended run a production installation in these environments. Support will help with '''NG Firewall''' configuration but configuration of the virtualization hypervisor is beyond the scope of Edge Threat Management support.<br />
<br />
:* '''Demo virtual appliance''': suitable for installation on a laptop or desktop in order to have a working instance of the platform running inside your Window, OS X, or Linux OS for testing or demonstration purposes. This is supported using VMware Player, Fusion, Server, or Workstation and requires only one physical network interface. Use this mode if you have only one physical network interface in your VMware host machine. <br />
:* '''Production virtual appliance:''' to be used as a network gateway. This mode requires at least two physical network interfaces (three if you want or need an external DMZ). We recommend you use either VMware ESX or ESXi Server. Use this mode if you have two or more physical network interfaces that you can connect to external, internal and (optionally) DMZ networks.<br />
<br />
<br />
== NG Firewall Support and VMware ==<br />
<br />
Arista Edge Threat Management wants you to have a successful deployment. Unfortunately, our support staff doesn't have the expertise in VMware ESX to ensure that we can help you with installing and configuring VMware. We will certainly help you with your NG Firewall configuration, provided it's running on ESX.<br />
<br />
That being said, we'd like to make you aware that systems like NG Firewall that require a lot of real time processing aren't great candidates for virtualization. VMware works by "time-slicing" the physical CPUs in the host system. While the VMware server is off processing other virtual machines, the NG Firewall server is unable to process traffic. At the same time, network traffic continues to arrive. This traffic stacks up and presents itself to the NG Firewall VM as "bursty." This exacerbates any high load issues that may be present. The exact threshold of where it will be unsuitable is hard to say. It is a combination of traffic level, types of traffic, and user expectations.<br />
<br />
'''In summary''': We do not recommend virtualizing NG Firewall. If you choose to install NG Firewall in a virtual environment, the support team will assist you with any issues related to the NG Firewall and its applications, but they will not help with virtualization set up/connectivity issues or issues caused by virtualization (high load, slow speeds, etc).<br />
<br />
== How to install on ESX or ESXi ==<br />
<br />
=== Before we get started ===<br />
<br />
Requirements:<br />
<br />
# VMware ESX server version 6.5.0 Update 3 or newer<br />
# One virtual NIC and vSwitch per NG Firewall Interface<br />
<br />
==== Download the NG Firewall Virtual Machine ====<br />
<br />
* Download the NG Firewall Virtual Appliance:<br />
1. Log into your Edge Threat Management account.<br />
2. Click GET STARTED at the top right-hand corner.<br />
3. Select the latest version and download the ISO file.<br />
<br />
==== Deploy image to ESX server ====<br />
* Once the image is downloaded, open your VMware vSphere Client and login to your server.<br />
[[Image:vmware3.jpg|none|256px|vCenter Login]] <br />
* Once you are logged in, click File -> “Deploy OVF Template…”<br />
[[Image:vmware4.jpg|none|128px|vCenter File->Deploy]] <br />
* In the “Deploy OVF Template” wizard mark “Deploy from file:” And hit “Browse…”<br />
[[Image:vm5.jpg|none|512px|vCenter Deploy Wizard 1]] <br />
* Browse to the location where you saved your image and click "Open".<br />
* Then hit “Next” <br />
[[Image:vm7.jpg|none|512px|vCenter Deploy Wizard 2]] <br />
* Read The Template Details and click “Next”.<br />
[[Image:vm8.jpg|none|512px|vCenter Deploy Wizard 3]] <br />
* In the “Name and Location screen” you may either change the name or leave it at the default. Click “Next”. <br />
[[Image:vm9.jpg|none|512px|vCenter Deploy Wizard 4]] <br />
* In the “Resource Pool screen” If you use Resource Pools, select the appropriate pool for the new NG Firewall VM and click "Next". Note: You can always move the VM to another Resource Pool after it's installed. <br />
[[Image:vm10.jpg|none|512px|vCenter Deploy Wizard 5]] <br />
* In the “Datastore screen” Select what datastore you want use click “Next”.<br />
[[Image:vm11.jpg|none|512px|vCenter Deploy Wizard 6]] <br />
* In the “Ready to Complete” screen, verify that everything looks OK and click “Finish”<br />
[[Image:vm12.jpg|none|512px|vCenter Deploy Wizard 7]] <br />
* Wait for the “Deploying” Progress Meter.<br />
[[Image:vm13.jpg|none|256px|vCenter Deploy Progress Meter]] <br />
* When it is done, Click "Close".<br />
[[Image:vm14.jpg|none|256px|vCenter Deployment Completed]]<br />
==== Verify/Configure Physical NIC to vSwitch mappings ====<br />
* Setup/confirm your vSwitch Settings. Click on the ESX host, then select “Configuration" tab and "Hardware -> Networking” <br />
[[Image:vm19.jpg|none|512px|vCenter Hardware->Networking]]<br />
* It is best practice to place your “Management Network “ is on a own vSwitch. (This is not a Must but if you can make sure that NG Firewall does not exist on the same vSwitch as any Management Interface)<br />
* On the vSwitches that NG Firewall will connect to activate “promiscuous mode” click on “Properties…”<br />
[[Image:vm20.jpg|none|512px|vCenter vSwitch Properties]]<br />
* Ensure that Promiscuous has status “Accept” otherwise hit "Edit" and go to the “Security “ Tab and change “Reject” to “Accept”. You will need to do this on all vSwitches that NG Firewall Virtual Machine connects to!<br />
[[Image:vm21.jpg|none|512px|vCenter vSwitch Properties2]]<br />
==== Configure the Virtual Machine for your Network ====<br />
* Right click on the new Virtual Machine and select “Edit Settings”.<br />
[[Image:vm15.jpg|none|256px|vCenter Edit Settings]]<br />
* You will need to add new virtual NICs and connect them to the appropriate vSwitches. Warning! Two Bridged Interfaces to the same vSwitch will crash your ESX server. Each NG Firewall NIC should be connected to its own vSwitch. Each vSwitch should be connected to it's own Physical NIC, or at least be separated by VLAN tagging at the physical NIC level.<br />
* In this example, you can see that the new NICs are connected to different vSwitches labeled LAN and DMZ. <br />
[[Image:vm17.jpg|none|512px|vCenter VM properties]]<br />
* Under “Options”->“VMware Tools” make sure to check the “Synchronize guest time with host” and click "OK"<br />
[[Image:vm18.jpg|none|512px|vCenter VM properties/tools options]]<br />
==== Celebrate! You're at the end ====<br />
Now you are ready to Power on your NG Firewall VM.<br />
<br />
== More Info and Troubleshooting ==<br />
<br />
For more information on the underlying issues, please see the following:<br />
<br />
* Kernel documentation<br />
* [http://www.vmware.com/support/pubs/ VMware documentation]<br />
* [http://www.microsoft.com/technet/prodtechnol/virtualserver/2005/proddocs/default.mspx?mfr=true Microsoft Virtual Server documentation]<br />
* [http://forums.untangle.com Edge Threat Management Community Support]<br />
* [http://www.untangle.com/live-support Edge Threat Management Live Support]<br />
For information about using your new NG Firewall software, see our [[NG Firewall Server User's Guide]].</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=NG_Firewall_Virtual_Appliance_on_VMware&diff=28616NG Firewall Virtual Appliance on VMware2024-01-23T19:12:14Z<p>Bcarmichael: </p>
<hr />
<div>NG Firewall can be virtualized through a [http://en.wikipedia.org/wiki/Virtual_appliance virtual appliance] running on [http://www.vmware.com VMware] ESX or ESXi.<br />
<br />
The virtual appliance can also be used in for demonstrations in VMware player, workstation, fusion, or server, but it is not recommended run a production installation in these environments. Support will help with '''NG Firewall''' configuration but configuration of the virtualization hypervisor is beyond the scope of Edge Threat Management support.<br />
<br />
:* '''Demo virtual appliance''': suitable for installation on a laptop or desktop in order to have a working instance of the platform running inside your Window, OS X, or Linux OS for testing or demonstration purposes. This is supported using VMware Player, Fusion, Server, or Workstation and requires only one physical network interface. Use this mode if you have only one physical network interface in your VMware host machine. <br />
:* '''Production virtual appliance:''' to be used as a network gateway. This mode requires at least two physical network interfaces (three if you want or need an external DMZ). We recommend you use either VMware ESX or ESXi Server. Use this mode if you have two or more physical network interfaces that you can connect to external, internal and (optionally) DMZ networks.<br />
<br />
<br />
== NG Firewall Support and VMware ==<br />
<br />
Arista Edge Threat Management wants you to have a successful deployment. Unfortunately, our support staff doesn't have the expertise in VMware ESX to ensure that we can help you with installing and configuring VMware. We will certainly help you with your NG Firewall configuration, provided it's running on ESX.<br />
<br />
That being said, we'd like to make you aware that systems like NG Firewall that require a lot of real time processing aren't great candidates for virtualization. VMware works by "time-slicing" the physical CPUs in the host system. While the VMware server is off processing other virtual machines, the NG Firewall server is unable to process traffic. At the same time, network traffic continues to arrive. This traffic stacks up and presents itself to the NG Firewall VM as "bursty." This exacerbates any high load issues that may be present. The exact threshold of where it will be unsuitable is hard to say. It is a combination of traffic level, types of traffic, and user expectations.<br />
<br />
'''In summary''': We do not recommend virtualizing NG Firewall. If you choose to install NG Firewall in a virtual environment, the support team will assist you with any issues related to the NG Firewall and its applications, but they will not help with virtualization set up/connectivity issues or issues caused by virtualization (high load, slow speeds, etc).<br />
<br />
== How to install on ESX or ESXi ==<br />
<br />
=== Before we get started ===<br />
<br />
Requirements:<br />
<br />
# VMware ESX server version 6.5.0 Update 3 or newer<br />
# One virtual NIC and vSwitch per NG Firewall Interface<br />
<br />
==== Download the NG Firewall Virtual Machine ====<br />
<br />
* Download the NG Firewall Virtual Appliance:<br />
1. Log into your Edge Threat Management account.<br />
2. Click GET STARTED at the top right-hand corner.<br />
3. Select the latest version and download the ISO file.<br />
<br />
==== Deploy image to ESX server ====<br />
* Once the image is downloaded, open your VMware vSphere Client and login to your server.<br />
[[Image:vmware3.jpg|none|256px|vCenter Login]] <br />
* Once you are logged in, click File -> “Deploy OVF Template…”<br />
[[Image:vmware4.jpg|none|128px|vCenter File->Deploy]] <br />
* In the “Deploy OVF Template” wizard mark “Deploy from file:” And hit “Browse…”<br />
[[Image:vm5.jpg|none|512px|vCenter Deploy Wizard 1]] <br />
* Browse to the location where you saved your image and click "Open".<br />
* Then hit “Next” <br />
[[Image:vmware7.jpg|none|512px|vCenter Deploy Wizard 2]] <br />
* Read The Template Details and click “Next”.<br />
[[Image:vmware8.jpg|none|512px|vCenter Deploy Wizard 3]] <br />
* In the “Name and Location screen” you may either change the name or leave it at the default. Click “Next”. <br />
[[Image:vmware9.jpg|none|512px|vCenter Deploy Wizard 4]] <br />
* In the “Resource Pool screen” If you use Resource Pools, select the appropriate pool for the new NG Firewall VM and click "Next". Note: You can always move the VM to another Resource Pool after it's installed. <br />
[[Image:vmware10.jpg|none|512px|vCenter Deploy Wizard 5]] <br />
* In the “Datastore screen” Select what datastore you want use click “Next”.<br />
[[Image:vmware11.jpg|none|512px|vCenter Deploy Wizard 6]] <br />
* In the “Ready to Complete” screen, verify that everything looks OK and click “Finish”<br />
[[Image:vmware12.jpg|none|512px|vCenter Deploy Wizard 7]] <br />
* Wait for the “Deploying” Progress Meter.<br />
[[Image:vmware13.jpg|none|256px|vCenter Deploy Progress Meter]] <br />
* When it is done, Click "Close".<br />
[[Image:vmware14.jpg|none|256px|vCenter Deployment Completed]]<br />
==== Verify/Configure Physical NIC to vSwitch mappings ====<br />
* Setup/confirm your vSwitch Settings. Click on the ESX host, then select “Configuration" tab and "Hardware -> Networking” <br />
[[Image:vmware19.jpg|none|512px|vCenter Hardware->Networking]]<br />
* It is best practice to place your “Management Network “ is on a own vSwitch. (This is not a Must but if you can make sure that NG Firewall does not exist on the same vSwitch as any Management Interface)<br />
* On the vSwitches that NG Firewall will connect to activate “promiscuous mode” click on “Properties…”<br />
[[Image:vmware20.jpg|none|512px|vCenter vSwitch Properties]]<br />
* Ensure that Promiscuous has status “Accept” otherwise hit "Edit" and go to the “Security “ Tab and change “Reject” to “Accept”. You will need to do this on all vSwitches that NG Firewall Virtual Machine connects to!<br />
[[Image:vmware21.jpg|none|512px|vCenter vSwitch Properties2]]<br />
==== Configure the Virtual Machine for your Network ====<br />
* Right click on the new Virtual Machine and select “Edit Settings”.<br />
[[Image:vmware15.jpg|none|256px|vCenter Edit Settings]]<br />
* You will need to add new virtual NICs and connect them to the appropriate vSwitches. Warning! Two Bridged Interfaces to the same vSwitch will crash your ESX server. Each NG Firewall NIC should be connected to its own vSwitch. Each vSwitch should be connected to it's own Physical NIC, or at least be separated by VLAN tagging at the physical NIC level.<br />
* In this example, you can see that the new NICs are connected to different vSwitches labeled LAN and DMZ. <br />
[[Image:vmware17.jpg|none|512px|vCenter VM properties]]<br />
* Under “Options”->“VMware Tools” make sure to check the “Synchronize guest time with host” and click "OK"<br />
[[Image:vmware18.jpg|none|512px|vCenter VM properties/tools options]]<br />
==== Celebrate! You're at the end ====<br />
Now you are ready to Power on your NG Firewall VM.<br />
<br />
== More Info and Troubleshooting ==<br />
<br />
For more information on the underlying issues, please see the following:<br />
<br />
* Kernel documentation<br />
* [http://www.vmware.com/support/pubs/ VMware documentation]<br />
* [http://www.microsoft.com/technet/prodtechnol/virtualserver/2005/proddocs/default.mspx?mfr=true Microsoft Virtual Server documentation]<br />
* [http://forums.untangle.com Edge Threat Management Community Support]<br />
* [http://www.untangle.com/live-support Edge Threat Management Live Support]<br />
For information about using your new NG Firewall software, see our [[NG Firewall Server User's Guide]].</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:Vm5.jpg&diff=28615File:Vm5.jpg2024-01-23T19:11:43Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=17.0_Changelog&diff=2857517.0 Changelog2023-08-15T17:29:53Z<p>Bcarmichael: /* Notice regarding Alerts */</p>
<hr />
<div>= 17.0 =<br />
<br />
Version 17.0 includes the following enhancements and bug fixes:<br />
<br />
== Enhancements ==<br />
* Multi-factor authentication - You can configure a TOTP code to log into the local web administration as a secondary authentication method. <br />
* DHCP Relay - The DHCP server for LAN interfaces can forward DHCP requests to a remote DHCP server to centralize IP address assignment across a distributed network.<br />
* WiFi regulatory domains - You can assign the regulatory domain based on your selected region so that NG Firewall updates the list of available frequencies.<br />
<br />
== Bug Fixes ==<br />
* IPsec - Forcing client disconnect from the status page was not functional for IKEv2 based tunnels.<br />
* IPsec - The service continued to run on the system after disabling or uninstalling the app.<br />
* IPsec - Shrew Soft VPN client could not connect.<br />
* OpenVPN - Full tunnel VPN clients could not access resources on the local network behind the NG Firewall hub.<br />
* OpenVPN - A missing directory could prevent the service from starting.<br />
* OpenVPN - If TOTP is enabled, site to site tunnels could not be created without manually editing the configuration file.<br />
* Reports - Adding a global condition in interface usage report resulted in an error.<br />
* Reports - Reports users could not log in due to inaccurate determination of password strength.<br />
* VLANs - No error or warning was displayed when the maximum number of interfaces was reached.<br />
* VLANs - VLANs with ID value below 100 were not allowed. <br />
* Firewall app - Rules using Threat Prevention based conditions were not evaluated.<br />
* WireGuard - The service could not start if a conflicting route was detected.<br />
* Dynamic routing - BGP with a null router ID / AS value generated errors. <br />
* System - Nullsoft scriptable install system was identified as malware in the ISO by virus scanners.<br />
* System - The option to run the setup wizard from the Support screen is removed.<br />
* System - Network interface configuration to physical adapter association was rearranged after reboot on specific types of hardware<br />
* System - Admin login events from the localhost were not captured in the log.<br />
* System - An issue causing unexpectedly high CPU load is resolved.<br />
<br />
<br />
== Notice regarding NIC mapping on upgrades ==<br />
Some installs may continue to experience interfaces remapping following the upgrade to this release. The fix for this issue resolves the behavior for subsequent upgrades and reboots. If your appliance was affected by this issue with previous upgrades make sure to perform the upgrade from a local network in case you need to reconfigure the interfaces.<br />
<br />
== Notice regarding Alerts ==<br />
The option to relay email via the "Cloud hosted email relay" will be removed in the next release. Refer to [https://support.edge.arista.com/hc/en-us/articles/16459641337495 Receiving email alerts from NG Firewall] for alternative options.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=17.0_Changelog&diff=2857417.0 Changelog2023-08-14T15:04:06Z<p>Bcarmichael: /* Notice regarding NIC mapping on upgrades */</p>
<hr />
<div>= 17.0 =<br />
<br />
Version 17.0 includes the following enhancements and bug fixes:<br />
<br />
== Enhancements ==<br />
* Multi-factor authentication - You can configure a TOTP code to log into the local web administration as a secondary authentication method. <br />
* DHCP Relay - The DHCP server for LAN interfaces can forward DHCP requests to a remote DHCP server to centralize IP address assignment across a distributed network.<br />
* WiFi regulatory domains - You can assign the regulatory domain based on your selected region so that NG Firewall updates the list of available frequencies.<br />
<br />
== Bug Fixes ==<br />
* IPsec - Forcing client disconnect from the status page was not functional for IKEv2 based tunnels.<br />
* IPsec - The service continued to run on the system after disabling or uninstalling the app.<br />
* IPsec - Shrew Soft VPN client could not connect.<br />
* OpenVPN - Full tunnel VPN clients could not access resources on the local network behind the NG Firewall hub.<br />
* OpenVPN - A missing directory could prevent the service from starting.<br />
* OpenVPN - If TOTP is enabled, site to site tunnels could not be created without manually editing the configuration file.<br />
* Reports - Adding a global condition in interface usage report resulted in an error.<br />
* Reports - Reports users could not log in due to inaccurate determination of password strength.<br />
* VLANs - No error or warning was displayed when the maximum number of interfaces was reached.<br />
* VLANs - VLANs with ID value below 100 were not allowed. <br />
* Firewall app - Rules using Threat Prevention based conditions were not evaluated.<br />
* WireGuard - The service could not start if a conflicting route was detected.<br />
* Dynamic routing - BGP with a null router ID / AS value generated errors. <br />
* System - Nullsoft scriptable install system was identified as malware in the ISO by virus scanners.<br />
* System - The option to run the setup wizard from the Support screen is removed.<br />
* System - Network interface configuration to physical adapter association was rearranged after reboot on specific types of hardware<br />
* System - Admin login events from the localhost were not captured in the log.<br />
* System - An issue causing unexpectedly high CPU load is resolved.<br />
<br />
<br />
== Notice regarding NIC mapping on upgrades ==<br />
Some installs may continue to experience interfaces remapping following the upgrade to this release. The fix for this issue resolves the behavior for subsequent upgrades and reboots. If your appliance was affected by this issue with previous upgrades make sure to perform the upgrade from a local network in case you need to reconfigure the interfaces.<br />
<br />
== Notice regarding Alerts ==<br />
The option to relay email via the "Cloud hosted email relay" will no longer be supported after August 31, 2023. Refer to [https://support.edge.arista.com/hc/en-us/articles/16459641337495 Receiving email alerts from NG Firewall] for alternative options.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=NG_Firewall_Changelogs&diff=28570NG Firewall Changelogs2023-06-30T16:42:28Z<p>Bcarmichael: /* Major Releases */</p>
<hr />
<div>The sections below detail notable changes made to the NG Firewall software in each revision.<br />
<br />
= Major Releases =<br />
* [[17.0 Changelog]]<br />
* [[16.6 Changelog]]<br />
* [[16.5 Changelog]]<br />
* [[16.4 Changelog]]<br />
* [[16.3 Changelog]]<br />
* [[16.2 Changelog]]<br />
* [[16.1 Changelog]]<br />
* [[16.0 Changelog]]<br />
* [[15.1 Changelog]]<br />
* [[15.0.0 Changelog]]<br />
* [[14.2.2 Changelog]]<br />
* [[14.2.1 Changelog]]<br />
* [[14.2.0 Changelog]]<br />
* [[14.1.2 Changelog]]<br />
* [[14.1.1 Changelog]]<br />
* [[14.1.0 Changelog]]<br />
* [[14.0.1 Changelog]]<br />
* [[14.0.0 Changelog]]<br />
* [[13.2.1 Changelog]]<br />
* [[13.2.0 Changelog]]<br />
* [[13.1.1 Changelog]]<br />
* [[13.1.0 Changelog]]<br />
* [[13.0.0 Changelog]]<br />
<br />
= Date Changes =<br />
<br />
Minor builds are newly released updates or builds without a change in the overall MAJOR.MINOR version number. The date changelog shows all changes by date.<br />
<br />
[[Date Changelog]]<br />
<br />
= Active Directory Monitor =<br />
<br />
The Active Directory Monitor software installs on the Active Directory server and is released independently of other products.<br />
<br />
[[Active Directory Monitor Changelog]]<br />
<br />
<!-- hiding as this is very old content<br />
<br />
= Old NGFW Changelogs =<br />
<br />
* [[12.2.1 Changelog]]<br />
* [[12.2.0 Changelog]]<br />
* [[12.1.2 Changelog]]<br />
* [[12.1.1 Changelog]]<br />
* [[12.1.0 Changelog]]<br />
* [[12.0.1 Changelog]]<br />
* [[12.0.0 Changelog]]<br />
* [[11.2.1 Changelog]]<br />
* [[11.2.0 Changelog]]<br />
* [[11.1.0 Changelog]]<br />
* [[11.0.1 Changelog]]<br />
* [[11.0.0 Changelog]]<br />
* [[10.2.1 Changelog]]<br />
* [[10.2.0 Changelog]]<br />
* [[10.1.0 Changelog]]<br />
* [[10.0.0 Changelog]]<br />
* [[9.4.2 Changelog]]<br />
* [[9.4.1 Changelog]]<br />
* [[9.4.0 Changelog]]<br />
* [[9.3.2 Changelog]]<br />
* [[9.3.1 Changelog]]<br />
* [[9.3.0 Changelog]]<br />
* [[9.2.1 Changelog]]<br />
* [[9.2.0 Changelog]]<br />
* [[9.1.1 Changelog]]<br />
* [[9.1.0 Changelog]]<br />
* [[9.0.2 Changelog]]<br />
* [[9.0.1 Changelog]]<br />
* [[9.0.0 Changelog]]<br />
<br />
--></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=17.0_Changelog_(beta/preview)&diff=2856917.0 Changelog (beta/preview)2023-06-30T16:41:58Z<p>Bcarmichael: Bcarmichael moved page 17.0 Changelog (beta/preview) to 17.0 Changelog over redirect</p>
<hr />
<div>#REDIRECT [[17.0 Changelog]]</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=17.0_Changelog&diff=2856817.0 Changelog2023-06-30T16:41:58Z<p>Bcarmichael: Bcarmichael moved page 17.0 Changelog (beta/preview) to 17.0 Changelog over redirect</p>
<hr />
<div>= 17.0 =<br />
<br />
Version 17.0 includes the following enhancements and bug fixes:<br />
<br />
== Enhancements ==<br />
* Multi-factor authentication - You can configure a TOTP code to log into the local web administration as a secondary authentication method. <br />
* DHCP Relay - The DHCP server for LAN interfaces can forward DHCP requests to a remote DHCP server to centralize IP address assignment across a distributed network.<br />
* WiFi regulatory domains - You can assign the regulatory domain based on your selected region so that NG Firewall updates the list of available frequencies.<br />
<br />
== Bug Fixes ==<br />
* IPsec - Forcing client disconnect from the status page was not functional for IKEv2 based tunnels.<br />
* IPsec - The service continued to run on the system after disabling or uninstalling the app.<br />
* IPsec - Shrew Soft VPN client could not connect.<br />
* OpenVPN - Full tunnel VPN clients could not access resources on the local network behind the NG Firewall hub.<br />
* OpenVPN - A missing directory could prevent the service from starting.<br />
* OpenVPN - If TOTP is enabled, site to site tunnels could not be created without manually editing the configuration file.<br />
* Reports - Adding a global condition in interface usage report resulted in an error.<br />
* Reports - Reports users could not log in due to inaccurate determination of password strength.<br />
* VLANs - No error or warning was displayed when the maximum number of interfaces was reached.<br />
* VLANs - VLANs with ID value below 100 were not allowed. <br />
* Firewall app - Rules using Threat Prevention based conditions were not evaluated.<br />
* WireGuard - The service could not start if a conflicting route was detected.<br />
* Dynamic routing - BGP with a null router ID / AS value generated errors. <br />
* System - Nullsoft scriptable install system was identified as malware in the ISO by virus scanners.<br />
* System - The option to run the setup wizard from the Support screen is removed.<br />
* System - Network interface configuration to physical adapter association was rearranged after reboot on specific types of hardware<br />
* System - Admin login events from the localhost were not captured in the log.<br />
<br />
== Notice regarding NIC mapping on upgrades ==<br />
Some installs may continue to experience interfaces remapping following the upgrade to this release. The fix for this issue resolves the behavior for subsequent upgrades and reboots. If your appliance was affected by this issue with previous upgrades make sure to perform the upgrade from a local network in case you need to reconfigure the interfaces.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=17.0_Changelog&diff=2856617.0 Changelog2023-05-05T00:04:37Z<p>Bcarmichael: /* Bug Fixes */</p>
<hr />
<div>= 17.0 =<br />
<br />
Version 17.0 includes the following enhancements and bug fixes:<br />
<br />
== Enhancements ==<br />
* Multi-factor authentication - You can configure a TOTP code to log into the local web administration as a secondary authentication method. <br />
* DHCP Relay - The DHCP server for LAN interfaces can forward DHCP requests to a remote DHCP server to centralize IP address assignment across a distributed network.<br />
* WiFi regulatory domains - You can assign the regulatory domain based on your selected region so that NG Firewall updates the list of available frequencies.<br />
<br />
== Bug Fixes ==<br />
* IPsec - Forcing client disconnect from the status page was not functional for IKEv2 based tunnels.<br />
* IPsec - The service continued to run on the system after disabling or uninstalling the app.<br />
* IPsec - Shrew Soft VPN client could not connect.<br />
* OpenVPN - Full tunnel VPN clients could not access resources on the local network behind the NG Firewall hub.<br />
* OpenVPN - A missing directory could prevent the service from starting.<br />
* OpenVPN - If TOTP is enabled, site to site tunnels could not be created without manually editing the configuration file.<br />
* Reports - Adding a global condition in interface usage report resulted in an error.<br />
* Reports - Reports users could not log in due to inaccurate determination of password strength.<br />
* VLANs - No error or warning was displayed when the maximum number of interfaces was reached.<br />
* VLANs - VLANs with ID value below 100 were not allowed. <br />
* Firewall app - Rules using Threat Prevention based conditions were not evaluated.<br />
* WireGuard - The service could not start if a conflicting route was detected.<br />
* Dynamic routing - BGP with a null router ID / AS value generated errors. <br />
* System - Nullsoft scriptable install system was identified as malware in the ISO by virus scanners.<br />
* System - The option to run the setup wizard from the Support screen is removed.<br />
* System - Network interface configuration to physical adapter association was rearranged after reboot on specific types of hardware<br />
* System - Admin login events from the localhost were not captured in the log.<br />
<br />
== Notice regarding NIC mapping on upgrades ==<br />
Some installs may continue to experience interfaces remapping following the upgrade to this release. The fix for this issue resolves the behavior for subsequent upgrades and reboots. If your appliance was affected by this issue with previous upgrades make sure to perform the upgrade from a local network in case you need to reconfigure the interfaces.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=NG_Firewall_Changelogs&diff=28557NG Firewall Changelogs2023-04-12T00:04:12Z<p>Bcarmichael: /* Major Releases */</p>
<hr />
<div>The sections below detail notable changes made to the NG Firewall software in each revision.<br />
<br />
= Major Releases =<br />
* [[17.0 Changelog]]<br />
* [[16.6 Changelog]]<br />
* [[16.5 Changelog]]<br />
* [[16.4 Changelog]]<br />
* [[16.3 Changelog]]<br />
* [[16.2 Changelog]]<br />
* [[16.1 Changelog]]<br />
* [[16.0 Changelog]]<br />
* [[15.1 Changelog]]<br />
* [[15.0.0 Changelog]]<br />
* [[14.2.2 Changelog]]<br />
* [[14.2.1 Changelog]]<br />
* [[14.2.0 Changelog]]<br />
* [[14.1.2 Changelog]]<br />
* [[14.1.1 Changelog]]<br />
* [[14.1.0 Changelog]]<br />
* [[14.0.1 Changelog]]<br />
* [[14.0.0 Changelog]]<br />
* [[13.2.1 Changelog]]<br />
* [[13.2.0 Changelog]]<br />
* [[13.1.1 Changelog]]<br />
* [[13.1.0 Changelog]]<br />
* [[13.0.0 Changelog]]<br />
<br />
= Date Changes =<br />
<br />
Minor builds are newly released updates or builds without a change in the overall MAJOR.MINOR version number. The date changelog shows all changes by date.<br />
<br />
[[Date Changelog]]<br />
<br />
= Active Directory Monitor =<br />
<br />
The Active Directory Monitor software installs on the Active Directory server and is released independently of other products.<br />
<br />
[[Active Directory Monitor Changelog]]<br />
<br />
<!-- hiding as this is very old content<br />
<br />
= Old NGFW Changelogs =<br />
<br />
* [[12.2.1 Changelog]]<br />
* [[12.2.0 Changelog]]<br />
* [[12.1.2 Changelog]]<br />
* [[12.1.1 Changelog]]<br />
* [[12.1.0 Changelog]]<br />
* [[12.0.1 Changelog]]<br />
* [[12.0.0 Changelog]]<br />
* [[11.2.1 Changelog]]<br />
* [[11.2.0 Changelog]]<br />
* [[11.1.0 Changelog]]<br />
* [[11.0.1 Changelog]]<br />
* [[11.0.0 Changelog]]<br />
* [[10.2.1 Changelog]]<br />
* [[10.2.0 Changelog]]<br />
* [[10.1.0 Changelog]]<br />
* [[10.0.0 Changelog]]<br />
* [[9.4.2 Changelog]]<br />
* [[9.4.1 Changelog]]<br />
* [[9.4.0 Changelog]]<br />
* [[9.3.2 Changelog]]<br />
* [[9.3.1 Changelog]]<br />
* [[9.3.0 Changelog]]<br />
* [[9.2.1 Changelog]]<br />
* [[9.2.0 Changelog]]<br />
* [[9.1.1 Changelog]]<br />
* [[9.1.0 Changelog]]<br />
* [[9.0.2 Changelog]]<br />
* [[9.0.1 Changelog]]<br />
* [[9.0.0 Changelog]]<br />
<br />
--></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=17.0_Changelog&diff=2855617.0 Changelog2023-04-12T00:03:31Z<p>Bcarmichael: Created page with "= 17.0 = Version 17.0 includes the following enhancements and bug fixes: == Enhancements == * Multi-factor authentication - You can configure a TOTP code to log into the loc..."</p>
<hr />
<div>= 17.0 =<br />
<br />
Version 17.0 includes the following enhancements and bug fixes:<br />
<br />
== Enhancements ==<br />
* Multi-factor authentication - You can configure a TOTP code to log into the local web administration as a secondary authentication method. <br />
* DHCP Relay - The DHCP server for LAN interfaces can forward DHCP requests to a remote DHCP server to centralize IP address assignment across a distributed network.<br />
* WiFi regulatory domains - You can assign the regulatory domain based on your selected region so that NG Firewall updates the list of available frequencies.<br />
<br />
== Bug Fixes ==<br />
* IPsec - Forcing client disconnect from the status page was not functional for IKEv2 based tunnels.<br />
* IPsec - The service continued to run on the system after disabling or uninstalling the app.<br />
* IPsec - Shrew Soft VPN client could not connect.<br />
* OpenVPN - Full tunnel VPN clients could not access resources on the local network behind the NG Firewall hub.<br />
* OpenVPN - A missing directory could prevent the service from starting.<br />
* OpenVPN - If TOTP is enabled, site to site tunnels could not be created without manually editing the configuration file.<br />
* Reports - Adding a global condition in interface usage report resulted in an error.<br />
* Reports - Reports users could not log in due to inaccurate determination of password strength.<br />
* VLANs - No error or warning was displayed when the maximum number of interfaces was reached.<br />
* VLANs - VLANs with ID value below 100 were not allowed. <br />
* Firewall app - Rules using Threat Prevention based conditions were not evaluated.<br />
* WireGuard - The service could not start if a conflicting route was detected.<br />
* Dynamic routing - BGP with a null router ID / AS value generated errors. <br />
* System - Nullsoft scriptable install system was identified as malware in the ISO by virus scanners.<br />
* System - The option to run the setup wizard from the Support screen is removed.<br />
* System - Network interface configuration to physical adapter association was rearranged after reboot on specific types of hardware<br />
* System - Admin login events from the localhost were not captured in the log.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Hardware_Setup_Guides&diff=28546Hardware Setup Guides2023-02-08T16:59:05Z<p>Bcarmichael: </p>
<hr />
<div>The setup guides for each official hardware appliance are listed below:<br />
{| border="1" cellpadding="2" style="width: 60%"<br />
|-<br />
! Appliance<br />
! Size<br />
! Download<br />
|-<br />
| e3 / e3w<br />
| 179 KB<br />
| [[:Media:HW Setup Guide - e3.pdf|e3.pdf]]<br />
|-<br />
| e6<br />
| 224 KB<br />
| [[:Media:HW Setup Guide - e6.pdf|e6.pdf]]<br />
|-<br />
| e6w<br />
| 228 KB<br />
| [[:Media:HW Setup Guide - e6w.pdf|e6w.pdf]]<br />
|-<br />
| e6wl<br />
| 234 KB<br />
| [[:Media:HW Setup Guide - e6wl.pdf|e6wl.pdf]]<br />
|-<br />
| w4<br />
| 201 KB<br />
| [[:Media:HW Setup Guide - w4.pdf|w4.pdf]]<br />
|-<br />
| Q4<br />
| 473 KB<br />
| [[:Media:HW Setup Guide - Q4.pdf|Q4.pdf]]<br />
|-<br />
| w8<br />
| 354 KB<br />
| [[:Media:HW Setup Guide - w8.pdf|w8.pdf]]<br />
|-<br />
| Q8<br />
| 780 KB<br />
| [[:Media:HW Setup Guide - Q8.pdf|Q8.pdf]]<br />
|-<br />
| z4<br />
| 945 KB<br />
| [[:Media:HW Setup Guide - z4.pdf|z4.pdf]]<br />
|-<br />
| z6<br />
| 210 KB<br />
| [[:Media:HW Setup Guide - z6.pdf|z6.pdf]]<br />
|-<br />
| z12<br />
| 234 KB<br />
| [[:Media:HW Setup Guide - z12.pdf|z12.pdf]]<br />
|-<br />
| z20<br />
| 249 KB<br />
| [[:Media:HW Setup Guide - z20.pdf|z20.pdf]]<br />
|-<br />
| mSeries<br />
| 375 KB<br />
| [[:Media:HW Setup Guide - mSeries.pdf|mSeries.pdf]]<br />
|-<br />
| u500<br />
| 275 KB<br />
| [[:Media:HW Setup Guide - u500.pdf|u500.pdf]]<br />
|-<br />
| u150<br />
| 258 KB<br />
| [[:Media:HW Setup Guide - u150.pdf|u150.pdf]]<br />
|-<br />
| u50<br />
| 301 KB<br />
| [[:Media:HW Setup Guide - u50.pdf| u50.pdf]]<br />
|-<br />
| u50x<br />
| 1.1 MB<br />
| [[:Media:HW Setup Guide - u50x.pdf| u50x.pdf]]<br />
|-<br />
| u50xw<br />
| 1.1 MB<br />
| [[:Media:HW Setup Guide - u50xw.pdf| u50xw.pdf]]<br />
|-<br />
| u25<br />
| 332 KB<br />
| [[:Media:HW Setup Guide - u25.pdf | u25.pdf]]<br />
|-<br />
| u25w<br />
| 335 KB<br />
| [[:Media:HW Setup Guide - u25w.pdf| u25w.pdf]]<br />
|-<br />
| u25x<br />
| 1.2 MB<br />
| [[:Media:HW Setup Guide - u25x.pdf| u25x.pdf]]<br />
|-<br />
| u25xw<br />
| 1.5 MB<br />
| [[:Media:HW Setup Guide - u25xw.pdf| u25xw.pdf]]<br />
|}</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:HW_Setup_Guide_-_Q4.pdf&diff=28545File:HW Setup Guide - Q4.pdf2023-02-08T16:58:03Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Hardware_Setup_Guides&diff=28540Hardware Setup Guides2023-01-19T23:38:14Z<p>Bcarmichael: </p>
<hr />
<div>The setup guides for each official hardware appliance are listed below:<br />
{| border="1" cellpadding="2" style="width: 60%"<br />
|-<br />
! Appliance<br />
! Size<br />
! Download<br />
|-<br />
| e3 / e3w<br />
| 179 KB<br />
| [[:Media:HW Setup Guide - e3.pdf|e3.pdf]]<br />
|-<br />
| e6<br />
| 224 KB<br />
| [[:Media:HW Setup Guide - e6.pdf|e6.pdf]]<br />
|-<br />
| e6w<br />
| 228 KB<br />
| [[:Media:HW Setup Guide - e6w.pdf|e6w.pdf]]<br />
|-<br />
| e6wl<br />
| 234 KB<br />
| [[:Media:HW Setup Guide - e6wl.pdf|e6wl.pdf]]<br />
|-<br />
| w4<br />
| 201 KB<br />
| [[:Media:HW Setup Guide - w4.pdf|w4.pdf]]<br />
|-<br />
| w8<br />
| 354 KB<br />
| [[:Media:HW Setup Guide - w8.pdf|w8.pdf]]<br />
|-<br />
| Q8<br />
| 780 KB<br />
| [[:Media:HW Setup Guide - Q8.pdf|Q8.pdf]]<br />
|-<br />
| z4<br />
| 945 KB<br />
| [[:Media:HW Setup Guide - z4.pdf|z4.pdf]]<br />
|-<br />
| z6<br />
| 210 KB<br />
| [[:Media:HW Setup Guide - z6.pdf|z6.pdf]]<br />
|-<br />
| z12<br />
| 234 KB<br />
| [[:Media:HW Setup Guide - z12.pdf|z12.pdf]]<br />
|-<br />
| z20<br />
| 249 KB<br />
| [[:Media:HW Setup Guide - z20.pdf|z20.pdf]]<br />
|-<br />
| mSeries<br />
| 375 KB<br />
| [[:Media:HW Setup Guide - mSeries.pdf|mSeries.pdf]]<br />
|-<br />
| u500<br />
| 275 KB<br />
| [[:Media:HW Setup Guide - u500.pdf|u500.pdf]]<br />
|-<br />
| u150<br />
| 258 KB<br />
| [[:Media:HW Setup Guide - u150.pdf|u150.pdf]]<br />
|-<br />
| u50<br />
| 301 KB<br />
| [[:Media:HW Setup Guide - u50.pdf| u50.pdf]]<br />
|-<br />
| u50x<br />
| 1.1 MB<br />
| [[:Media:HW Setup Guide - u50x.pdf| u50x.pdf]]<br />
|-<br />
| u50xw<br />
| 1.1 MB<br />
| [[:Media:HW Setup Guide - u50xw.pdf| u50xw.pdf]]<br />
|-<br />
| u25<br />
| 332 KB<br />
| [[:Media:HW Setup Guide - u25.pdf | u25.pdf]]<br />
|-<br />
| u25w<br />
| 335 KB<br />
| [[:Media:HW Setup Guide - u25w.pdf| u25w.pdf]]<br />
|-<br />
| u25x<br />
| 1.2 MB<br />
| [[:Media:HW Setup Guide - u25x.pdf| u25x.pdf]]<br />
|-<br />
| u25xw<br />
| 1.5 MB<br />
| [[:Media:HW Setup Guide - u25xw.pdf| u25xw.pdf]]<br />
|}</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Hardware_Setup_Guides&diff=28539Hardware Setup Guides2023-01-19T23:37:46Z<p>Bcarmichael: </p>
<hr />
<div>The setup guides for each official hardware appliance are listed below:<br />
{| border="1" cellpadding="2" style="width: 60%"<br />
|-<br />
! Appliance<br />
! Size<br />
! Download<br />
|-<br />
| e3 / e3w<br />
| 179 KB<br />
| [[:Media:HW Setup Guide - e3.pdf|e3.pdf]]<br />
|-<br />
| e6<br />
| 224 KB<br />
| [[:Media:HW Setup Guide - e6.pdf|e6.pdf]]<br />
|-<br />
| e6w<br />
| 228 KB<br />
| [[:Media:HW Setup Guide - e6w.pdf|e6w.pdf]]<br />
|-<br />
| e6wl<br />
| 234 KB<br />
| [[:Media:HW Setup Guide - e6wl.pdf|e6wl.pdf]]<br />
|-<br />
| w4<br />
| 201 KB<br />
| [[:Media:HW Setup Guide - w4.pdf|w4.pdf]]<br />
|-<br />
| w8<br />
| 354 KB<br />
| [[:Media:HW Setup Guide - w8.pdf|w8.pdf]]<br />
|-<br />
| Q8<br />
| 354 KB<br />
| [[:Media:HW Setup Guide - Q8.pdf|Q8.pdf]]<br />
|-<br />
| z4<br />
| 945 KB<br />
| [[:Media:HW Setup Guide - z4.pdf|z4.pdf]]<br />
|-<br />
| z6<br />
| 210 KB<br />
| [[:Media:HW Setup Guide - z6.pdf|z6.pdf]]<br />
|-<br />
| z12<br />
| 234 KB<br />
| [[:Media:HW Setup Guide - z12.pdf|z12.pdf]]<br />
|-<br />
| z20<br />
| 249 KB<br />
| [[:Media:HW Setup Guide - z20.pdf|z20.pdf]]<br />
|-<br />
| mSeries<br />
| 375 KB<br />
| [[:Media:HW Setup Guide - mSeries.pdf|mSeries.pdf]]<br />
|-<br />
| u500<br />
| 275 KB<br />
| [[:Media:HW Setup Guide - u500.pdf|u500.pdf]]<br />
|-<br />
| u150<br />
| 258 KB<br />
| [[:Media:HW Setup Guide - u150.pdf|u150.pdf]]<br />
|-<br />
| u50<br />
| 301 KB<br />
| [[:Media:HW Setup Guide - u50.pdf| u50.pdf]]<br />
|-<br />
| u50x<br />
| 1.1 MB<br />
| [[:Media:HW Setup Guide - u50x.pdf| u50x.pdf]]<br />
|-<br />
| u50xw<br />
| 1.1 MB<br />
| [[:Media:HW Setup Guide - u50xw.pdf| u50xw.pdf]]<br />
|-<br />
| u25<br />
| 332 KB<br />
| [[:Media:HW Setup Guide - u25.pdf | u25.pdf]]<br />
|-<br />
| u25w<br />
| 335 KB<br />
| [[:Media:HW Setup Guide - u25w.pdf| u25w.pdf]]<br />
|-<br />
| u25x<br />
| 1.2 MB<br />
| [[:Media:HW Setup Guide - u25x.pdf| u25x.pdf]]<br />
|-<br />
| u25xw<br />
| 1.5 MB<br />
| [[:Media:HW Setup Guide - u25xw.pdf| u25xw.pdf]]<br />
|}</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=File:HW_Setup_Guide_-_Q8.pdf&diff=28538File:HW Setup Guide - Q8.pdf2023-01-19T23:36:28Z<p>Bcarmichael: </p>
<hr />
<div></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=16.6_Changelog&diff=2845116.6 Changelog2022-11-15T19:57:21Z<p>Bcarmichael: /* Bug Fixes */</p>
<hr />
<div>= 16.6 =<br />
<br />
Version 16.6 includes an update of the operating system to [https://www.debian.org/releases/bullseye/ Debian 11 Bullseye]. Other changes include branding updates and official localization of the web administration to German and Japanese.<br />
<br />
== Bug Fixes ==<br />
* Fixed - IPsec cipher list was incomplete for phase 1. It now includes the same cipher options as phase 2. The default ciphers have also been updated to match modern standards.<br />
* Fixed - LDAP queries to Active Directory with Smart card authentication enabled now work.<br />
<br />
'''Important notice:'''<br />
* This release requires a system restart.<br />
* Some CSS files may be cached resulting in inconsistent colors. Clearing the browser cache is recommended.<br />
* Python scripts in [[Captive Portal]] custom pages is no longer supported. Any custom scripts may not work after upgrading.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=16.6_Changelog&diff=2845016.6 Changelog2022-11-15T19:56:55Z<p>Bcarmichael: </p>
<hr />
<div>= 16.6 =<br />
<br />
Version 16.6 includes an update of the operating system to [https://www.debian.org/releases/bullseye/ Debian 11 Bullseye]. Other changes include branding updates and official localization of the web administration to German and Japanese.<br />
<br />
== Bug Fixes ==<br />
* Fixed - IPsec cipher list was incomplete for phase 1. It now includes the same cipher options as phase 2. The default ciphers have also been updated to match modern standards.<br />
* Fixed - LDAP queries to Active Directory with Smart card authentication enabled now work.<br />
<br />
'''Important notice:'''<br />
* This release requires a system restart.<br />
* Some CSS files may be cached resulting in inconsistent colors. Clearing the browser cache is recommended.<br />
* Python scripts in [[Captive Portal]] custom pages is no longer supported. Any custom scripts are no longer supported and may not work after upgrading.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=16.6_Changelog&diff=2844916.6 Changelog2022-11-15T19:55:57Z<p>Bcarmichael: </p>
<hr />
<div>= 16.6 =<br />
<br />
Version 16.6 includes an update of the operating system to [https://www.debian.org/releases/bullseye/ Debian 11 Bullseye]. Other changes include branding updates and official localization of the web administration to German and Japanese.<br />
<br />
== Bug Fixes ==<br />
* Fixed - IPsec cipher list was incomplete for phase 1. It now includes the same cipher options as phase 2. The default ciphers have also been updated to match modern standards.<br />
* Fixed - LDAP queries to Active Directory with Smart card authentication enabled now work.<br />
<br />
'''Important notice:'''<br />
* This release requires a system restart.<br />
* Some CSS files may be cached resulting in inconsistent colors. Clearing the browser cache is recommended.<br />
* Python scripts in Captive Portal custom pages is no longer supported. Any custom scripts are no longer supported and may not work after upgrading.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=16.6_Changelog&diff=2844816.6 Changelog2022-11-15T19:55:42Z<p>Bcarmichael: /* 16.6 */</p>
<hr />
<div>= 16.6 =<br />
<br />
Version 16.6 includes an update of the operating system to Debian 11 [https://www.debian.org/releases/bullseye/ Debian 11 Bullseye]. Other changes include branding updates and official localization of the web administration to German and Japanese.<br />
<br />
== Bug Fixes ==<br />
* Fixed - IPsec cipher list was incomplete for phase 1. It now includes the same cipher options as phase 2. The default ciphers have also been updated to match modern standards.<br />
* Fixed - LDAP queries to Active Directory with Smart card authentication enabled now work.<br />
<br />
'''Important notice:'''<br />
* This release requires a system restart.<br />
* Some CSS files may be cached resulting in inconsistent colors. Clearing the browser cache is recommended.<br />
* Python scripts in Captive Portal custom pages is no longer supported. Any custom scripts are no longer supported and may not work after upgrading.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=NG_Firewall_Changelogs&diff=28447NG Firewall Changelogs2022-11-15T19:55:19Z<p>Bcarmichael: /* Major Releases */</p>
<hr />
<div>The sections below detail notable changes made to the NG Firewall software in each revision.<br />
<br />
= Major Releases =<br />
* [[16.6 Changelog]]<br />
* [[16.5 Changelog]]<br />
* [[16.4 Changelog]]<br />
* [[16.3 Changelog]]<br />
* [[16.2 Changelog]]<br />
* [[16.1 Changelog]]<br />
* [[16.0 Changelog]]<br />
* [[15.1 Changelog]]<br />
* [[15.0.0 Changelog]]<br />
* [[14.2.2 Changelog]]<br />
* [[14.2.1 Changelog]]<br />
* [[14.2.0 Changelog]]<br />
* [[14.1.2 Changelog]]<br />
* [[14.1.1 Changelog]]<br />
* [[14.1.0 Changelog]]<br />
* [[14.0.1 Changelog]]<br />
* [[14.0.0 Changelog]]<br />
* [[13.2.1 Changelog]]<br />
* [[13.2.0 Changelog]]<br />
* [[13.1.1 Changelog]]<br />
* [[13.1.0 Changelog]]<br />
* [[13.0.0 Changelog]]<br />
<br />
= Date Changes =<br />
<br />
Minor builds are newly released updates or builds without a change in the overall MAJOR.MINOR version number. The date changelog shows all changes by date.<br />
<br />
[[Date Changelog]]<br />
<br />
= Active Directory Monitor =<br />
<br />
The Active Directory Monitor software installs on the Active Directory server and is released independently of other products.<br />
<br />
[[Active Directory Monitor Changelog]]<br />
<br />
<!-- hiding as this is very old content<br />
<br />
= Old NGFW Changelogs =<br />
<br />
* [[12.2.1 Changelog]]<br />
* [[12.2.0 Changelog]]<br />
* [[12.1.2 Changelog]]<br />
* [[12.1.1 Changelog]]<br />
* [[12.1.0 Changelog]]<br />
* [[12.0.1 Changelog]]<br />
* [[12.0.0 Changelog]]<br />
* [[11.2.1 Changelog]]<br />
* [[11.2.0 Changelog]]<br />
* [[11.1.0 Changelog]]<br />
* [[11.0.1 Changelog]]<br />
* [[11.0.0 Changelog]]<br />
* [[10.2.1 Changelog]]<br />
* [[10.2.0 Changelog]]<br />
* [[10.1.0 Changelog]]<br />
* [[10.0.0 Changelog]]<br />
* [[9.4.2 Changelog]]<br />
* [[9.4.1 Changelog]]<br />
* [[9.4.0 Changelog]]<br />
* [[9.3.2 Changelog]]<br />
* [[9.3.1 Changelog]]<br />
* [[9.3.0 Changelog]]<br />
* [[9.2.1 Changelog]]<br />
* [[9.2.0 Changelog]]<br />
* [[9.1.1 Changelog]]<br />
* [[9.1.0 Changelog]]<br />
* [[9.0.2 Changelog]]<br />
* [[9.0.1 Changelog]]<br />
* [[9.0.0 Changelog]]<br />
<br />
--></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=16.6_Changelog&diff=2844616.6 Changelog2022-11-15T19:54:54Z<p>Bcarmichael: Created page with "= 16.6 = Version 16.6 includes an update to the operating system to Debian 11 [https://www.debian.org/releases/bullseye/ Debian 11 Bullseye]. Other changes include branding u..."</p>
<hr />
<div>= 16.6 =<br />
<br />
Version 16.6 includes an update to the operating system to Debian 11 [https://www.debian.org/releases/bullseye/ Debian 11 Bullseye]. Other changes include branding updates and official localization of the web administration to German and Japanese.<br />
<br />
== Bug Fixes ==<br />
* Fixed - IPsec cipher list was incomplete for phase 1. It now includes the same cipher options as phase 2. The default ciphers have also been updated to match modern standards.<br />
* Fixed - LDAP queries to Active Directory with Smart card authentication enabled now work.<br />
<br />
'''Important notice:'''<br />
* This release requires a system restart.<br />
* Some CSS files may be cached resulting in inconsistent colors. Clearing the browser cache is recommended.<br />
* Python scripts in Captive Portal custom pages is no longer supported. Any custom scripts are no longer supported and may not work after upgrading.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Captive_Portal&diff=28423Captive Portal2022-10-28T14:23:51Z<p>Bcarmichael: /* Custom Pages */</p>
<hr />
<div>[[Category:Applications]]<br />
<span style="display:none" class="helpSource captive_portal">Captive_Portal</span><br />
<span style="display:none" class="helpSource captive_portal_status">Captive_Portal#Status</span><br />
<span style="display:none" class="helpSource captive_portal_capture_rules">Captive_Portal#Capture_Rules</span><br />
<span style="display:none" class="helpSource captive_portal_passed_hosts">Captive_Portal#Passed_Hosts</span><br />
<span style="display:none" class="helpSource captive_portal_captive_page">Captive_Portal#Captive_Page</span><br />
<span style="display:none" class="helpSource captive_portal_user_authentication">Captive_Portal#User_Authentication</span><br />
<span style="display:none" class="helpSource captive_portal_user_event_log">Captive_Portal#User_Event_Log</span><br />
<span style="display:none" class="helpSource captive_portal_rule_event_log">Captive_Portal#Rule_Event_Log</span><br />
<br />
{| width='100%'<br />
|-<br />
| align="center" | [[Image:CaptivePortal.png|128px]] &nbsp; &nbsp; '''Captive Portal'''<br />
| align="center" |<br />
{|<br />
|-<br />
| Other Links:<br />
|-<br />
|[http://www.untangle.com/store/captive-portal.html Captive Portal Description Page]<br />
|-<br />
|[http://demo.untangle.com/admin/index.do#apps/1/captive-portal Captive Portal Demo]<br />
|-<br />
|[http://forums.untangle.com/captive-portal/ Captive Portal Forums]<br />
|-<br />
|[[Captive Portal Reports]]<br />
|-<br />
|[[Captive Portal FAQs]]<br />
|}<br />
|}<br />
<br />
<br />
----<br />
<br />
<br />
== About Captive Portal ==<br />
<br />
Captive Portal allows administrators to require network users to log in or accept a network usage policy before accessing the internet. Captive Portal can authenticate users against NG Firewall's built-in [[Local Directory]], Active Directory (if [[Directory Connector]] is installed), or RADIUS. It can be used to set up policies (for [[Policy Manager]]) by username (or group name if using Active Directory) rather than IP. While Captive Portal is running, '''captured''' machines will be forced to authenticate (or just press OK) on the Captive Portal page before they are able to access the internet.<br />
<br />
Captive Portal is a common technique used to identify users on the network as describe in [[User Management]].<br />
<br />
<br />
=== Getting Started with Captive Portal ===<br />
<br />
After installing Captive Portal, complete the following steps to get it working:<br />
<br />
# Define which machines will be '''captured''' and required to complete the Captive Portal process before accessing the Internet - enabling the first example rule in the Capture Rules table will force all machines on the internal interface to use Captive Portal.<br />
# Enter any IPs that unauthenticated machines will need to access - these can be entered in the '''Pass Listed Server Addresses''' section of the '''Passed Hosts''' tab.<br />
# Enter any IPs that always need access to the internet - these can be entered in the '''Pass Listed Client Addresses''' section of the '''Passed Hosts''' tab.<br />
# Customize the Captive Portal page on the '''Captive Page''' tab. If '''Basic Login''' is chosen, set the appropriate authentication method for users on the '''User Authentication''' tab.<br />
# Turn on Captive Portal.<br />
<br />
At this point Captive Portal will evaluate your '''Capture Rules''' and any traffic that matches will be stopped until that user has completed the Captive Portal process.<br />
<br />
== Settings ==<br />
<br />
This section reviews the different settings and configuration options available for Captive Portal.<br />
<br />
<br />
=== Status ===<br />
<br />
This tab shows the current status of Captive Portal. You can see information about current captured IPs, such as the username and other session information. You can also logout any active session.<br />
<br />
{{AppScreenshot|captive-portal|status}}<br />
<br />
<br />
=== Capture Rules ===<br />
<br />
The '''Capture Rules''' tab allows you to specify rules to Capture or Pass traffic that crosses the NG Firewall.<br />
<br />
The [[Rules|Rules documentation]] describes how rules work and how they are configured. Captive Portal uses rules to determine whether to capture or pass each network session. The rules are evaluated in order, and on the first match, the configured action will be applied. If no rules match, the traffic is allowed by default. <br />
<br />
If the action is ''Pass'' the session is passed, regardless of the clients authentication status.<br />
If the action is ''Capture'' the session is "captured" which means several different things depending on several factors:<br />
* If the client is authenticated, the session is passed<br />
* If the client is not authenticated and the protocol is tcp and the destination port = 80, then a redirect to the captive portal page is sent.<br />
* If the client is not authenticated and the protocol is tcp and the destination port = 443, then a redirect to the captive portal page is sent. (The certificate will not match as the captive portal is not actually the requested server)<br />
* If the client is not authenticated and the destination port = 53, then a DNS response is sent after validating it is a valid DNS request.<br />
* If the client is not authenticated and the session has a destination port != 53,80,443 then then session is blocked.<br />
<br />
{{AppScreenshot|captive-portal|capture-rules}}<br />
<br />
<br />
=== Passed Hosts ===<br />
<br />
The '''Pass Hosts''' tab allows you to specify machines that either '''a)''' should not be affected by Captive Portal, or '''b)''' servers that machines behind Captive Portal should be able to access even if unauthenticated.<br />
<br />
*'''Pass Listed Client Addresses''': These machines will not be affected by Captive Portal. This is useful for servers and devices without browsers.<br />
<br />
*'''Pass Listed Server Addresses''': Machines behind Captive Portal will be able to access these servers whether or not they have authenticated through Captive Portal. Typically these will be any DNS or DHCP servers that are separated from their clients by NG Firewall. If NG Firewall is handling DHCP or DNS, this is not necessary.<br />
<br />
{{AppScreenshot|captive-portal|passed-hosts}}<br />
<br />
<br />
=== Captive Page ===<br />
<br />
This tab controls the type of Captive Portal page displayed to unauthenticated users. Please note that you can use HTML in the Captive Portal page fields, however invalid HTML will prevent the page from properly rendering.<br />
<br />
* '''Basic Message''': Select this option if users should see (or accept) a message before being allowed to the internet. It has several tunable properties such as '''Page Title,''' '''Welcome Text,''' '''Message Text''' and '''Lower Text'''. If '''Agree Checkbox''' is enabled, users must check a checkbox (labeled with the '''Agree Text''') before continuing.<br />
<br />
* '''Basic Login''': Select this option if users should see a page that requires them to login. Similar to '''Basic Message''', it has several properties that can be configured. When the login/continue button on the page is clicked the user will be authenticated. You'll also need to set your authentication method on the '''User Authentication''' tab.<br />
<br />
* '''Custom''': Select this option if you would like to upload a custom Captive Portal page. This is for experienced web developers that are comfortable with HTML, Python and JavaScript - the Edge Threat Management Support department can not help with development of custom Captive Portal pages. If '''Custom''' is selected it is advised to turn off automatic upgrades - newer versions of NG Firewall may be incompatible with any custom captive page.<br />
<br />
<br /><br />
<br />
'''NOTE:''' When using 'Any OAuth provider' for User Authentication, you should select 'Basic Message'. All of the 'Page Configuration' options except for the agree checkbox and text will be used when generating the OAuth provider selection page.<br />
<br />
<br /><br />
<br />
{{AppScreenshot|captive-portal|captive-page}}<br />
<br />
===== HTTPS/Root Certificate Detection =====<br />
<br />
This feature checks if the root certificate is installed on the client machine. If the root certificate is not installed, you have the option to display a warning or block the connection. The [[Certificates#Certificate_Authority|root certificate]] used by HTTPS Inspector and other HTTPS connections to the unit including Captive Portal. This feature is highly recommended if you have HTTPS installed. The [[Certificates#Server_Certificate|server certificate]] must have all the names and IP address used on the NG Firewall. <br />
<br />
*'''Disable Certificate Detection''': No checking for the root certificate.<br />
*'''Check Certificate. Show warning when not detected''': Checks the root certificate. If not found, displays a warning with instructions to install the certificate. <br />
*'''Require Certificate. Prohibit login when not detected''': Checks the root certificate. If the root certificate is not found, the connection is blocked and the client is given instructions to install the certificate. <br />
<br />
<br />
The '''Preview Captive Portal Page''' button can be used to view what the configured captive page looks like. This button only works when Captive Portal in on.<br />
<br />
===== Session Redirect =====<br />
*'''Block instead of capture and redirect unauthenticated HTTPS connections''': The browser redirecting from a HTTPS URL to the captive page will show certificate error as the captive page is not the page requested. To avoid this error message, block the traffic and show nothing instead of showing the captive login page.<br />
*'''Use hostname instead of IP address for the capture page redirect''': Create the browser redirect using the hostname instead of the IP address of the server.<br />
** '''WARNING:''' If enabled, the admin must ensure that the hostname properly resolves to the internal IP of NG Firewall on all internal networks. If internal hosts use NG Firewall for DNS, this is automatic. If using another internal DNS server it is the administrator's responsibility to configure DNS to properly resolve to the correct internal IP on all internal networks. If this is not configured properly Captive Portal will not function properly as clients will not be able to reach the captive portal page. Host will '''NOT''' be able to reach the captive portal page if the hostname resolves to the external IP of NG Firewall.<br />
** This option is useful for organizations that have valid certificates on the NG Firewall server and wish to avoid the cert warning on the capture page. ''NOTE:'' This has nothing to do with the first warning caused by serving/spoofing the 301 redirect from a internet site to the capture page.<br />
<br />
*'''Always use HTTPS for the capture page redirect''': Always redirect to the HTTPS version of the login page when using Captive Portal.<br />
<br />
* '''Redirect URL''': Users will be rerouted to this site after successful authentication. If '''Redirect URL''' is blank they will be sent to the original destination.<br />
:Make sure to enter a complete url (e.g. <nowiki>http://www.untangle.com</nowiki>) or this setting will not properly operate.<br />
<br />
=== Custom Pages ===<br />
<br />
There are two levels for customizing the Captive Portal capture page. One is fairly easy and the other is more complex.<br />
<br />
For the easy method, you create a custom.html file and place it along with any supporting image files, etc. into a zip file, and then upload the file via the administrative interface. This allows you to customize the look and layout of the page while leveraging the existing code and application settings. To use this model, you need to be familiar with HTML and forms. We have created two examples that each include a simple and well documented custom.html file to help you get started.<br />
<br />
{| border="1" cellpadding="2"<br />
|+<br />
! Description !! Download !! Screenshot<br />
<br />
|-<br />
| style="width: 80%;" | Custom login text<br />
| [[Media:Custom_login.zip | custom_login.zip]]<br />
| [[File:Cp-custom-login-page.jpg|50px|thumb|left|screenshot]] <br />
<br />
|-<br />
| Custom agree text<br />
| [[Media:Custom_agree.zip | custom_agree.zip]]<br />
| [[File:Cp-custom-agree-page.jpg|50px|thumb|left|screenshot]] <br />
<br />
|}<br />
<br />
The more difficult method also gives you the most flexibility, as your custom zip will include a custom.py Python script. This gives you the ability to perform any kind of authentication or validation you wish. To use this model, you should be fluent in Python programming, and experience with mod_python will also be helpful.<br />
<br />
=== User Authentication ===<br />
<br />
This section controls how users will be authenticated if the '''Basic Login''' page is used.<br />
<br />
*'''None''': is used in the case where no login is required.<br />
<br />
*'''Local Directory''': Use the NG Firewall's built-in Local Directory ('''Config > Local Directory''') to authenticate users.<br />
<br />
*'''RADIUS''': Use an external RADIUS server to authenticate users. ''This option requires Directory Connector to be installed and enabled and configured.''<br />
<br />
*'''Active Directory''': can be used if user should be authenticated against an Active Directory server. ''This option requires Directory Connector to be installed and enabled and configured.''<br />
<br />
*'''Any Directory Connector''': can be used to allow users to authenticate against any of the configured and enabled Directory Connector methods. ''This option requires Directory Connector to be installed and enabled and configured.''<br />
<br />
*'''Google Account''': can be used to allow users to authenticate via OAuth using a Google account.<br />
<br />
*'''Facebook Account''': can be used to allow users to authenticate via OAuth using a Facebook account.<br />
<br />
*'''Microsoft Account''': can be used to allow users to authenticate via OAuth using a Microsoft account.<br />
<br />
*'''Any OAuth Provider''': can be used to allow users to select and authenticate using any of the supported OAuth providers. When this option is selected, unauthenticated users will first encounter the OAuth selection page where they will click the icon or link corresponding to the provider account they wish to use.<br />
<br />
The '''Session Settings''' section controls the timeout and concurrent login settings for Captive Portal.<br />
<br />
*'''Idle Timeout''': This option controls the amount of time before a host is automatically logged out if no traffic is seen. While a machine may be idle, it is still active on the network level. In this case '''Idle''' means no new TCP or UDP connections are seen by the Captive Portal. '''IMPORTANT: It is recommended to leave this at zero (not enabled).'''<br />
<br />
*'''Timeout''': This option controls the amount of time before a computer will be automatically logged out. After this the user must log in again through Captive Portal. Timeouts greater than 1440 minutes (1 day) is '''not recommended'''. The authenticated table is store in memory and will be flushed on reboot/upgrade. Additionally, the logout time should also be shorter than your DHCP lease time to assure IPs don't change before the Captive Portal timeout.<br />
<br />
*'''Allow Concurrent Logins''': This option controls if multiple machines can use the same login credentials simultaneously. If enabled, two or more users can login with the same username/password at the same time.<br />
<br />
*'''Allow Cookie-based authentication''': When enabled, a cookie is added to the users browser and used to authenticate the user in future sessions. Cookies must be allowed by the browser and not cleared when closing the browser or by other security programs. When the Cookie timeout is reached the user is forced to re-authenticate (regardless of activity). The default is 24 hours.<br />
<br />
*'''Track logins using MAC address''': When enabled, Captive Portal will use the MAC address instead of IP address to identify the client machine. If the MAC address for a given IP address is not known it will revert to using an IP address. This option is useful on smaller flat networks where NG Firewall is on the same network segment as all the hosts, and you have a very long timeout period such that a client's IP address might change.<br />
<br />
{{AppScreenshot|captive-portal|user-authentication}}<br />
<br />
== Reports ==<br />
<br />
{{:Captive Portal Reports}}<br />
<br />
<br />
== Related Topics ==<br />
<br />
[[Directory_Connector|Directory Connector]]<br />
<br />
[[Apple_Auto-Login|Apple Auto-Login]]<br />
<br />
== Captive Portal FAQs ==<br />
<br />
{{:Captive Portal FAQs}}</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=USB_image_installer&diff=28394USB image installer2022-08-18T15:15:17Z<p>Bcarmichael: /* Download */</p>
<hr />
<div>= Overview =<br />
The USB image installer provisions new Untangle hardware appliances.<br />
For installation instructions see [https://support.untangle.com/hc/en-us/articles/360045742393 Reinstalling NG Firewall On zSeries Appliances]<br />
<br />
<span style="color:red">'''Download this file ONLY if you are provisioning an officially supported Untangle hardware appliance.'''</span><br />
= Download = <br />
{| border="1" cellpadding="2" <br />
|+ <br />
! Version !! Release date !! Download link <br />
|- <br />
| 16.5.2<br />
| 2022 Aug 18 <br />
| https://downloads.untangle.com/public/untangle-clonezilla-installer-kvm-300-1652.zip<br />
|}</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=16.5_Changelog&diff=2839216.5 Changelog2022-08-11T13:56:27Z<p>Bcarmichael: /* 16.5.1 */</p>
<hr />
<div>= 16.5 =<br />
<br />
Version 16.5 includes a new ISO installer that enables admins to install and manage NG Firewall entirely via serial console for hardware appliances that do not have standard video output.<br />
<br />
== Bug Fixes ==<br />
* Fixed - OpenVPN server enforces 2FA if enabled. Users with sufficient access rights could modify the client configuration file to exclude the 2FA requirement.<br />
* Fixed - Specific types of bypass rules prevented IPS from working. A bypass rule using a specific set of conditions caused Intrusion Prevention to fail when writing out the rule.<br />
* Fixed - License update check failure notice moved to warning message. If the device could not contact the licensing server the user received a notice at the top of the screen. This notice is now displayed as a general warning message.<br />
* Fixed - License changes are no longer logged to the Settings Changes report. License checks resulted in frequent events reported to the Settings Changes report. These checks and any other license changes are no longer included in the Settings Changes report.<br />
* Fixed - System could not start if ACPI function is disabled. If a system had this feature disabled in the BIOS, it created a fault in the UVM.<br />
<br />
'''Known issues:'''<br />
* If OpenVPN requires 2FA, the tunnel configuration file includes the parameter to use 2FA. Prior to importing the tunnel configuration file, you must remove the following parameter: ''static-challenge "TOTP Code " 1''<br />
<br />
'''Important notice:'''<br />
* The OVA installation method for VMware is no longer available. For VMware installations, you can deploy via the ISO installer as a new virtual machine.<br />
<br />
= 16.5.1 =<br />
* Minor security updates.<br />
<br />
= 16.5.2 = <br />
* Updated certificate used for remote management from Edge Threat Management Dashboard (formerly Command Center).</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Threat_Prevention&diff=28389Threat Prevention2022-08-04T15:23:00Z<p>Bcarmichael: /* Rules */</p>
<hr />
<div>[[Category:Applications]]<br />
<span style="display:none" class="helpSource threat_prevention">Threat_Prevention</span><br />
<span style="display:none" class="helpSource threat_prevention_status">Threat_Prevention#Status</span><br />
<span style="display:none" class="helpSource threat_prevention_threats">Threat_Prevention#Threats</span><br />
<span style="display:none" class="helpSource threat_prevention_rules">Threat_Prevention#Rules</span><br />
<span style="display:none" class="helpSource threat_prevention_lookup">Threat_Prevention#Threat_Lookup</span><br />
<br />
{| width='100%'<br />
|-<br />
| align="center" | [[Image:ThreatPrevention.png|128px]] &nbsp; &nbsp; '''Threat Prevention'''<br />
| align="center" |<br />
{|<br />
|-<br />
| Other Links:<br />
|-<br />
|[http://forums.untangle.com/threat-prevention/ Threat Prevention Forums]<br />
|-<br />
|[[Threat Prevention Reports]]<br />
|-<br />
|[[Threat Prevention FAQs]]<br />
|}<br />
|}<br />
<br/><br />
----<br />
<br />
<br />
== About Threat Prevention ==<br />
<br />
Threat Prevention blocks potentially harmful traffic from entering or exiting the network. This app can prevent cyber attacks to your servers (e.g. web, VoIP, and email). It is also useful to prevent data loss in case users mistakenly try to connect to a phishing site or other type of malicious host.<br />
<br />
Threat Prevention uses Threat Intelligence technology managed by Webroot BrightCloud®. Webroot BrightCloud® assesses each IP address and provides it a reputation score. The reputation score is the result of running an IP address through BrightCloud’s sensor network. The Sensor Network analyzes the IP address based on real time Global Threat Databases that are kept up to date with new and emerging threats. The Threat Prevention app works by performing a query to the BrightCloud® service, requesting for the reputation score and historical data of each IP address or URL. Based on the rating of the IP address or URL, the session may be blocked. By default, the Threat Prevention app blocks sessions with a "High Risk" rating. IP addresses or URLs rated as High Risk may be associated with the following types of attacks:<br />
* Spam Sources - IP addresses involved in tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.<br />
* Windows Exploits - IP addresses participating in the distribution of malware, shell code, rootkits, worms or viruses for Windows platforms.<br />
* Web Attacks - IP addresses using cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attacks to target vulnerabilities on a web server. <br />
* Botnets - IP addresses acting as Botnet Command and Control (C&C) centers, and infected zombie machines controlled by the C&C servers. <br />
* Denial of Service - The Denial of Service category includes DOS, DDOS, anomalous sync flood, and anomalous traffic detection.<br />
* Scanners - IP addresses involved in unauthorized reconnaissance activities such as probing, host scanning, port scanning and brute force login attempts. <br />
* Phishing - IP addresses hosting phishing sites and sites related to other kinds of fraudulent activities. <br />
* TOR Proxy - IP addresses acting as exit nodes for the TOR Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.<br />
* Proxy - IP addresses providing proxy services, including both VPN and open web proxy services.<br />
* Mobile Threats - Denial of service, packet sniffing, address impersonation, and session hijacking<br />
<br />
== Settings ==<br />
<br />
This section reviews the different settings and configuration options available for Threat Prevention.<br />
<br />
=== Status ===<br />
<br />
The Status screen shows the running state of Threat Prevention and relevant Metrics such as the number of blocked sessions and high risk threats.<br />
<br />
[[File:Apps threat-prevention status.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/status]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/status view on demo]</div><br />
<br />
=== Threats ===<br />
<br />
In the Threats tab you can review the threshold for IP Addresses and URL Threats. The recommended and default Reputation Threshold is "High Risk". "High Risk" is the only setting that should be deployed without reviewing and understanding the implications on network traffic. 'Suspicious" will block significantly more network traffic than "High Risk" will block. <br />
<br />
[[File:Apps threat-prevention threats.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/threats]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/threats view on demo]</div><br />
<br />
=== Pass Sites ===<br />
The '''Pass Sites''' tab allows you to specify IP Addresses or URLs to exclude from Threat Prevention lookups to ensure they are permitted by this app.<br />
<br />
[[File:Apps threat-prevention pass-sites.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/pass-sites]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/pass-sites view on demo]</div><br />
<br />
<br />
=== Rules ===<br />
<br />
The '''Rules''' tab allows you to specify rules to Block, Pass or Flag traffic that crosses the NG Firewall.<br />
<br />
The [[Rules|Rules documentation]] describes how rules work and how they are configured. Threat Prevention uses rules to determine to block/pass the specific session, and if the sessions is flagged. Flagging a session marks it in the logs for reviewing in the event logs or reports, but has no direct effect on the network traffic.<br />
<br />
In addition to all the common rule types, there are four that are unique to Threat Prevention, and these can be useful for making exceptions to the general *Reputation Threshold* setting.<br />
<br />
'''Client address reputation'''<br />
The reputation value of a source IP address returned by the Webroot BrightCloud® service. This applies to incoming connections from the Internet to open services on your network.<br />
<br />
'''Server address reputation'''<br />
The reputation value of a destination IP address returned by the Webroot BrightCloud® service. This applies to outgoing connections to the Internet from hosts on your network.<br />
<br />
'''Client address category'''<br />
The reputation category of a source IP address returned by the Webroot BrightCloud® service. This applies to incoming connections from the Internet to open services on your network.<br />
<br />
'''Server address category'''<br />
The reputation category of a destination IP address returned by the Webroot BrightCloud® service. This applies to outgoing connections to the Internet from hosts on your network.<br />
<br />
==== Rule Actions ====<br />
<br />
* '''Pass''': Allows the traffic which matched the rule to flow.<br />
* '''Block''': Blocks the traffic which matched the rule.<br />
<br />
Additionally a session can be flagged. If '''Flag''' is checked the event is flagged for easier viewing in the event log. Flag is always enabled if the action is Block.<br />
<br />
[[File:Apps threat-prevention rules.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/rules]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/rules view on demo]</div><br />
<br />
=== Threat Lookup ===<br />
Threat Lookup enables you to get threat information on an IP Address or URL. This is useful to validate afterwards or confirm in advance the Reputation and other details of the IP Address or URL.<br />
Enter an IP Address or URL in the input field and click '''Search''' to get information.<br />
<br />
[[File:Apps threat-prevention threat-lookup.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/lookup]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/lookup view on demo]</div><br />
<br />
==== Threat Results ====<br />
{| border="1" cellpadding="2" width="85%%" align="center" <br />
!Result<br />
!Description<br />
|-<br />
| width="25%" | Address/URL<br />
| width="60%" | The IP Address or URL you requested to search.<br />
|-<br />
| width="25%" | Country<br />
| width="60%" | The country where the IP Address or URL originates.<br />
|-<br />
| width="25%" | Popularity<br />
| width="60%" | The popularity of the IP Address or URL based on the volume of lookups.<br />
|-<br />
| width="25%" | Recent Threat Count<br />
| width="60%" | The amount of recent occurrences that the IP Address or URL has been associated to a threat.<br />
|-<br />
| width="25%" | Age<br />
| width="60%" | The amount of time since the IP Address or URL was first noticed.<br />
|-<br />
| width="25%" | Reputation<br />
| width="60%" | The reputation of the IP Address or URL as determined by the Webroot BrightCloud reputation service.<br />
|-<br />
| width="25%" | Details<br />
| width="60%" | A description of the Reputation value.<br />
|-<br />
|}<br />
<br />
=== Advanced ===<br />
<br />
The Advanced section enables you to configure additional Threat Prevention options.<br />
<br />
'''Custom block page URL:''' Set an external location where to redirect users when they are denied access to a web site by Threat Prevention. This is useful if you want to use your own server to process the denial in a different way than the built-in denial options.<br />
<br />
'''Block Options:'''<br />
''Close connection for blocked HTTPS sessions without redirecting to block page'' If enabled, secure sites blocked by Threat Prevention do not redirect the user to a denial page and close the connection without any notice to the user. This is useful when you are not using [[SSL Inspector]] and the server's root certificate is not installed on the client device.<br />
<br />
[[File:Apps threat-prevention advanced.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/advanced]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/advanced view on demo]</div><br />
<br />
== Reports ==<br />
<br />
{{:Threat Prevention Reports}}<br />
<br />
== Threat Prevention FAQs ==<br />
<br />
=== Why is the client reputation score different from the [https://www.brightcloud.com/tools/url-ip-lookup.php BrightCloud Online Lookup tool?] ===<br />
<br />
The Webroot BrightCloud lookup tool shows the server reputation score only. When using the Threat Prevention lookup tool within NG Firewall, the result shows both the client and server reputation scores. The reputation applied to the session depends on the direction. For incoming sessions the client reputation is used. For outgoing sessions the server reputation is used.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Threat_Prevention&diff=28388Threat Prevention2022-08-04T15:17:19Z<p>Bcarmichael: /* Rules */</p>
<hr />
<div>[[Category:Applications]]<br />
<span style="display:none" class="helpSource threat_prevention">Threat_Prevention</span><br />
<span style="display:none" class="helpSource threat_prevention_status">Threat_Prevention#Status</span><br />
<span style="display:none" class="helpSource threat_prevention_threats">Threat_Prevention#Threats</span><br />
<span style="display:none" class="helpSource threat_prevention_rules">Threat_Prevention#Rules</span><br />
<span style="display:none" class="helpSource threat_prevention_lookup">Threat_Prevention#Threat_Lookup</span><br />
<br />
{| width='100%'<br />
|-<br />
| align="center" | [[Image:ThreatPrevention.png|128px]] &nbsp; &nbsp; '''Threat Prevention'''<br />
| align="center" |<br />
{|<br />
|-<br />
| Other Links:<br />
|-<br />
|[http://forums.untangle.com/threat-prevention/ Threat Prevention Forums]<br />
|-<br />
|[[Threat Prevention Reports]]<br />
|-<br />
|[[Threat Prevention FAQs]]<br />
|}<br />
|}<br />
<br/><br />
----<br />
<br />
<br />
== About Threat Prevention ==<br />
<br />
Threat Prevention blocks potentially harmful traffic from entering or exiting the network. This app can prevent cyber attacks to your servers (e.g. web, VoIP, and email). It is also useful to prevent data loss in case users mistakenly try to connect to a phishing site or other type of malicious host.<br />
<br />
Threat Prevention uses Threat Intelligence technology managed by Webroot BrightCloud®. Webroot BrightCloud® assesses each IP address and provides it a reputation score. The reputation score is the result of running an IP address through BrightCloud’s sensor network. The Sensor Network analyzes the IP address based on real time Global Threat Databases that are kept up to date with new and emerging threats. The Threat Prevention app works by performing a query to the BrightCloud® service, requesting for the reputation score and historical data of each IP address or URL. Based on the rating of the IP address or URL, the session may be blocked. By default, the Threat Prevention app blocks sessions with a "High Risk" rating. IP addresses or URLs rated as High Risk may be associated with the following types of attacks:<br />
* Spam Sources - IP addresses involved in tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.<br />
* Windows Exploits - IP addresses participating in the distribution of malware, shell code, rootkits, worms or viruses for Windows platforms.<br />
* Web Attacks - IP addresses using cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attacks to target vulnerabilities on a web server. <br />
* Botnets - IP addresses acting as Botnet Command and Control (C&C) centers, and infected zombie machines controlled by the C&C servers. <br />
* Denial of Service - The Denial of Service category includes DOS, DDOS, anomalous sync flood, and anomalous traffic detection.<br />
* Scanners - IP addresses involved in unauthorized reconnaissance activities such as probing, host scanning, port scanning and brute force login attempts. <br />
* Phishing - IP addresses hosting phishing sites and sites related to other kinds of fraudulent activities. <br />
* TOR Proxy - IP addresses acting as exit nodes for the TOR Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.<br />
* Proxy - IP addresses providing proxy services, including both VPN and open web proxy services.<br />
* Mobile Threats - Denial of service, packet sniffing, address impersonation, and session hijacking<br />
<br />
== Settings ==<br />
<br />
This section reviews the different settings and configuration options available for Threat Prevention.<br />
<br />
=== Status ===<br />
<br />
The Status screen shows the running state of Threat Prevention and relevant Metrics such as the number of blocked sessions and high risk threats.<br />
<br />
[[File:Apps threat-prevention status.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/status]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/status view on demo]</div><br />
<br />
=== Threats ===<br />
<br />
In the Threats tab you can review the threshold for IP Addresses and URL Threats. The recommended and default Reputation Threshold is "High Risk". "High Risk" is the only setting that should be deployed without reviewing and understanding the implications on network traffic. 'Suspicious" will block significantly more network traffic than "High Risk" will block. <br />
<br />
[[File:Apps threat-prevention threats.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/threats]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/threats view on demo]</div><br />
<br />
=== Pass Sites ===<br />
The '''Pass Sites''' tab allows you to specify IP Addresses or URLs to exclude from Threat Prevention lookups to ensure they are permitted by this app.<br />
<br />
[[File:Apps threat-prevention pass-sites.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/pass-sites]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/pass-sites view on demo]</div><br />
<br />
<br />
=== Rules ===<br />
<br />
The '''Rules''' tab allows you to specify rules to Block, Pass or Flag traffic that crosses the NG Firewall.<br />
<br />
The [[Rules|Rules documentation]] describes how rules work and how they are configured. Threat Prevention uses rules to determine to block/pass the specific session, and if the sessions is flagged. Flagging a session marks it in the logs for reviewing in the event logs or reports, but has no direct effect on the network traffic.<br />
<br />
In addition to all the common rule types, there are four that are unique to Threat Prevention, and these can be useful for making exceptions to the general *Reputation Threshold* setting.<br />
<br />
'''Source address reputation threshold'''<br />
The reputation value of a source IP address returned by the Webroot BrightCloud® service. This applies to incoming connections from the Internet to open services on your network.<br />
<br />
'''Destination address reputation threshold'''<br />
The reputation value of a destination IP address returned by the Webroot BrightCloud® service. This applies to outgoing connections to the Internet from hosts on your network.<br />
<br />
'''Source address category'''<br />
The reputation category of a source IP address returned by the Webroot BrightCloud® service. This applies to incoming connections from the Internet to open services on your network.<br />
<br />
'''Destination address category'''<br />
The reputation category of a destination IP address returned by the Webroot BrightCloud® service. This applies to outgoing connections to the Internet from hosts on your network.<br />
<br />
==== Rule Actions ====<br />
<br />
* '''Pass''': Allows the traffic which matched the rule to flow.<br />
* '''Block''': Blocks the traffic which matched the rule.<br />
<br />
Additionally a session can be flagged. If '''Flag''' is checked the event is flagged for easier viewing in the event log. Flag is always enabled if the action is Block.<br />
<br />
[[File:Apps threat-prevention rules.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/rules]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/rules view on demo]</div><br />
<br />
=== Threat Lookup ===<br />
Threat Lookup enables you to get threat information on an IP Address or URL. This is useful to validate afterwards or confirm in advance the Reputation and other details of the IP Address or URL.<br />
Enter an IP Address or URL in the input field and click '''Search''' to get information.<br />
<br />
[[File:Apps threat-prevention threat-lookup.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/lookup]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/lookup view on demo]</div><br />
<br />
==== Threat Results ====<br />
{| border="1" cellpadding="2" width="85%%" align="center" <br />
!Result<br />
!Description<br />
|-<br />
| width="25%" | Address/URL<br />
| width="60%" | The IP Address or URL you requested to search.<br />
|-<br />
| width="25%" | Country<br />
| width="60%" | The country where the IP Address or URL originates.<br />
|-<br />
| width="25%" | Popularity<br />
| width="60%" | The popularity of the IP Address or URL based on the volume of lookups.<br />
|-<br />
| width="25%" | Recent Threat Count<br />
| width="60%" | The amount of recent occurrences that the IP Address or URL has been associated to a threat.<br />
|-<br />
| width="25%" | Age<br />
| width="60%" | The amount of time since the IP Address or URL was first noticed.<br />
|-<br />
| width="25%" | Reputation<br />
| width="60%" | The reputation of the IP Address or URL as determined by the Webroot BrightCloud reputation service.<br />
|-<br />
| width="25%" | Details<br />
| width="60%" | A description of the Reputation value.<br />
|-<br />
|}<br />
<br />
=== Advanced ===<br />
<br />
The Advanced section enables you to configure additional Threat Prevention options.<br />
<br />
'''Custom block page URL:''' Set an external location where to redirect users when they are denied access to a web site by Threat Prevention. This is useful if you want to use your own server to process the denial in a different way than the built-in denial options.<br />
<br />
'''Block Options:'''<br />
''Close connection for blocked HTTPS sessions without redirecting to block page'' If enabled, secure sites blocked by Threat Prevention do not redirect the user to a denial page and close the connection without any notice to the user. This is useful when you are not using [[SSL Inspector]] and the server's root certificate is not installed on the client device.<br />
<br />
[[File:Apps threat-prevention advanced.png|800px|thumb|center]]<br />
<div align="center">[[File:Play-circle.png|link=http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/advanced]]<br />
[http://demo.untangle.com/admin/index.do#apps/1/threat-prevention/advanced view on demo]</div><br />
<br />
== Reports ==<br />
<br />
{{:Threat Prevention Reports}}<br />
<br />
== Threat Prevention FAQs ==<br />
<br />
=== Why is the client reputation score different from the [https://www.brightcloud.com/tools/url-ip-lookup.php BrightCloud Online Lookup tool?] ===<br />
<br />
The Webroot BrightCloud lookup tool shows the server reputation score only. When using the Threat Prevention lookup tool within NG Firewall, the result shows both the client and server reputation scores. The reputation applied to the session depends on the direction. For incoming sessions the client reputation is used. For outgoing sessions the server reputation is used.</div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=NG_Firewall_Changelogs&diff=28234NG Firewall Changelogs2022-05-03T16:14:59Z<p>Bcarmichael: /* Old NGFW Changelogs */</p>
<hr />
<div>The sections below detail notable changes made to the NG Firewall software in each revision.<br />
<br />
= Major Releases =<br />
* [[16.5 Changelog]]<br />
* [[16.4 Changelog]]<br />
* [[16.3 Changelog]]<br />
* [[16.2 Changelog]]<br />
* [[16.1 Changelog]]<br />
* [[16.0 Changelog]]<br />
* [[15.1 Changelog]]<br />
* [[15.0.0 Changelog]]<br />
* [[14.2.2 Changelog]]<br />
* [[14.2.1 Changelog]]<br />
* [[14.2.0 Changelog]]<br />
* [[14.1.2 Changelog]]<br />
* [[14.1.1 Changelog]]<br />
* [[14.1.0 Changelog]]<br />
* [[14.0.1 Changelog]]<br />
* [[14.0.0 Changelog]]<br />
* [[13.2.1 Changelog]]<br />
* [[13.2.0 Changelog]]<br />
* [[13.1.1 Changelog]]<br />
* [[13.1.0 Changelog]]<br />
* [[13.0.0 Changelog]]<br />
<br />
= Date Changes =<br />
<br />
Minor builds are newly released updates or builds without a change in the overall MAJOR.MINOR version number. The date changelog shows all changes by date.<br />
<br />
[[Date Changelog]]<br />
<br />
= Active Directory Monitor =<br />
<br />
The Active Directory Monitor software installs on the Active Directory server and is released independently of other products.<br />
<br />
[[Active Directory Monitor Changelog]]<br />
<br />
<!-- hiding as this is very old content<br />
<br />
= Old NGFW Changelogs =<br />
<br />
* [[12.2.1 Changelog]]<br />
* [[12.2.0 Changelog]]<br />
* [[12.1.2 Changelog]]<br />
* [[12.1.1 Changelog]]<br />
* [[12.1.0 Changelog]]<br />
* [[12.0.1 Changelog]]<br />
* [[12.0.0 Changelog]]<br />
* [[11.2.1 Changelog]]<br />
* [[11.2.0 Changelog]]<br />
* [[11.1.0 Changelog]]<br />
* [[11.0.1 Changelog]]<br />
* [[11.0.0 Changelog]]<br />
* [[10.2.1 Changelog]]<br />
* [[10.2.0 Changelog]]<br />
* [[10.1.0 Changelog]]<br />
* [[10.0.0 Changelog]]<br />
* [[9.4.2 Changelog]]<br />
* [[9.4.1 Changelog]]<br />
* [[9.4.0 Changelog]]<br />
* [[9.3.2 Changelog]]<br />
* [[9.3.1 Changelog]]<br />
* [[9.3.0 Changelog]]<br />
* [[9.2.1 Changelog]]<br />
* [[9.2.0 Changelog]]<br />
* [[9.1.1 Changelog]]<br />
* [[9.1.0 Changelog]]<br />
* [[9.0.2 Changelog]]<br />
* [[9.0.1 Changelog]]<br />
* [[9.0.0 Changelog]]<br />
<br />
--></div>Bcarmichaelhttps://wiki.edge.arista.com/index.php?title=Hardware_Setup_Guides&diff=28186Hardware Setup Guides2022-04-15T19:56:13Z<p>Bcarmichael: </p>
<hr />
<div>The setup guides for each official hardware appliance are listed below:<br />
{| border="1" cellpadding="2" style="width: 60%"<br />
|-<br />
! Appliance<br />
! Size<br />
! Download<br />
|-<br />
| e3 / e3w<br />
| 179 KB<br />
| [[:Media:HW Setup Guide - e3.pdf|e3.pdf]]<br />
|-<br />
| e6<br />
| 224 KB<br />
| [[:Media:HW Setup Guide - e6.pdf|e6.pdf]]<br />
|-<br />
| e6w<br />
| 228 KB<br />
| [[:Media:HW Setup Guide - e6w.pdf|e6w.pdf]]<br />
|-<br />
| e6wl<br />
| 234 KB<br />
| [[:Media:HW Setup Guide - e6wl.pdf|e6wl.pdf]]<br />
|-<br />
| w4<br />
| 201 KB<br />
| [[:Media:HW Setup Guide - w4.pdf|w4.pdf]]<br />
|-<br />
| w8<br />
| 354 KB<br />
| [[:Media:HW Setup Guide - w8.pdf|w8.pdf]]<br />
|-<br />
| z4<br />
| 945 KB<br />
| [[:Media:HW Setup Guide - z4.pdf|z4.pdf]]<br />
|-<br />
| z6<br />
| 210 KB<br />
| [[:Media:HW Setup Guide - z6.pdf|z6.pdf]]<br />
|-<br />
| z12<br />
| 234 KB<br />
| [[:Media:HW Setup Guide - z12.pdf|z12.pdf]]<br />
|-<br />
| z20<br />
| 249 KB<br />
| [[:Media:HW Setup Guide - z20.pdf|z20.pdf]]<br />
|-<br />
| mSeries<br />
| 375 KB<br />
| [[:Media:HW Setup Guide - mSeries.pdf|mSeries.pdf]]<br />
|-<br />
| u500<br />
| 275 KB<br />
| [[:Media:HW Setup Guide - u500.pdf|u500.pdf]]<br />
|-<br />
| u150<br />
| 258 KB<br />
| [[:Media:HW Setup Guide - u150.pdf|u150.pdf]]<br />
|-<br />
| u50<br />
| 301 KB<br />
| [[:Media:HW Setup Guide - u50.pdf| u50.pdf]]<br />
|-<br />
| u50x<br />
| 1.1 MB<br />
| [[:Media:HW Setup Guide - u50x.pdf| u50x.pdf]]<br />
|-<br />
| u50xw<br />
| 1.1 MB<br />
| [[:Media:HW Setup Guide - u50xw.pdf| u50xw.pdf]]<br />
|-<br />
| u25<br />
| 332 KB<br />
| [[:Media:HW Setup Guide - u25.pdf | u25.pdf]]<br />
|-<br />
| u25w<br />
| 335 KB<br />
| [[:Media:HW Setup Guide - u25w.pdf| u25w.pdf]]<br />
|-<br />
| u25x<br />
| 1.2 MB<br />
| [[:Media:HW Setup Guide - u25x.pdf| u25x.pdf]]<br />
|-<br />
| u25xw<br />
| 1.5 MB<br />
| [[:Media:HW Setup Guide - u25xw.pdf| u25xw.pdf]]<br />
|}</div>Bcarmichael