16.0 Changelog

From Edge Threat Management Wiki - Arista
Revision as of 18:27, 23 September 2020 by Bcarmichael (talk | contribs) (→‎IPsec)
Jump to navigationJump to search

Overview

16.0 is a major release containing the new WireGuard VPN application, UEFI support, and many improvements and bug fixes.

WireGuard

WireGuard is a very simple, yet fast and modern VPN technology that uses state-of-the-art cryptography. It can be used in both site-to-site environments as well as mobile devices.

Roaming

Creating a tunnel profile for the WireGuard client is as simple as providing a description. The public and private keys are automatically generated after saving tunnel information. On the client device, either take a picture or the QR code or paste the profile details into the client to configure the tunnel.

Tunnels

Creating site to site tunnels for other NG Firewall appliances is as simple as a copy and paste of the tunnel configuration from one endpoint to the other.

UEFI

You can now install NGFW on UEFI for most modern BIOS platforms.

IPsec

Failover

If you use WAN Failover, you can now specify to use any "Active WAN". When the primary WAN switches, IPsec tunnels reconnect using the new link. On the remote endpoint, there is a new option to allow the incoming tunnel connection from any address.

General VPN Improvements

Restarting Tunnels

Tunnels for WireGuard, OpenVPN, IPSec no longer restart the entire services, only the specific tunnels enabled, disabled, or modifed.

Automatic LAN configuration

If a tunnel matches exactly the non-WAN configuration for interfaces, if you make a change to an interface (such as to add an alias), changes will be propagated to WireGuard, OpenVPN, and IPSec tunnels.

Threat Prevention

Lookup

The Lookup now allows you to specify Source/Destination for the IP address or URL to better clarify the difference between results that can occur between client addresses and destination addresses.

Custom Page

You can now specify a custom page for Threat Prevention blocks.

Pass Sites

You can now create exceptions for IP addresses and URLs without having to create individual rules for each item.

Other

  • Numerous performance improvements have been made to reporting and HTTP traffic processing.
  • Admin UI now operates on applicable interface aliases.
  • SSL Inspector now supports TLS 1.3.
  • Under Config, System, the new Logs tab allows you to better control disk space used by logs by specifying retention.
  • Report retention can now be configured at an hourly resolution.
  • Event reports can now export what is displayed or the entire table.
  • Web event reports now have the host field before the URI field.
  • Remote syslog events are no longer cut off at a certain size limit.
  • Disk space now uses a more accurate calucation.
  • Exporting JSON content columns issues has been fixed.
  • L2TP local directory auth fails after deleting IPsec tunnels has been fixed.
  • Removing remote server from OpenVPN does not close connection has been fixed.