16.3 streamlines the setup process by consolidating the setup wizard into the Command Center add appliance wizard and installing the recommended apps by default. Other enhancements include TOTP based two factor authentication for OpenVPN, and a storage watchdog that disables reporting when free space falls below 5 GB.
Bug Fixes & Updates
- Fix: Excessive logging of Serial Getty error messages to syslog on systems without a Serial interface. These messages are no longer reported on systems without a Serial Console.
- Fix: Renamed WireGuard Connection Events to WireGuard VPN Events to better describe the reported data.
- Fix: WireGuard connection events report was only reporting the first configured tunnel.
- Fix: Copy button in WireGuard profile is now visible in Safari browser and in cases with many allowed IPs.
- Fix: WireGuard Events were are now showing accurate "Out" bytes data. Previously this information was inaccurately reported using cumulative values.
- Fix: WireGuard tunnels now support using Hostnames in the endpoint address field. Previously this field only allowed IP address input values.
- Fix: Improved the accuracy of Threat Prevention for incoming connections.
- Fix: Improved automatic detection of available private subnets in WireGuard address pool configuration.
- Fix: WireGuard tunnels no longer perform implicit NAT.
- Fix: Improved parsing of imported SSL certificates to correct missing line terminators in the PEM file.
- Fix: IPS updates are now performed as a differential to preserve bandwidth.
- Fix: The AD Workgroup name in RADIUS proxy is now converted to upper case.
- Fix: MSS clamping now applies to PPPoE and WireGuard interfaces.
- Fix: Added safeguards against certain types of injection attacks.
- Fix: Web Filter rules based on URL conditions now evaluate hostnames based on SNI.
- Fix: Changes to network configuration prevented traffic across WireGuard tunnels.
- Fix: Improved WAN Failover detection in specific network environments.
- Fix: Youtube restricted mode and search filtering was not being enforced due to changes in the Google API.
- Fix: Increased the max number of permitted concurrent DNS requests in the local resolver (DNSmasq).