10.1.0 Changelog

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search

Overview

10.1 is contains some new features and architectural changes.

Major Changes

.

Downloading the Apps

The whole process of downloading the applications has been removed. Previously a user would install untangle then download & install the applications. In the old days the applications were too big to fit on a CD, among other reasons, so the applications were distributed separately after installation.

In 10.1 and the future, the applications will be preinstalled on the appliance or installed with the CD or USB key along with the platform. This makes the installation much quicker and simpler.

Now when the user logs in for the first time they will register this server with their untangle account and then they can install the applications. No download is required.

This should also simplify many other things like restoring backups, installing old versions, application download issues, etc.

High Availability

Untangle now support basic VRRP configuration to allow for hot/cold high availability of multiple Untangle servers. Multiple Untangles can be configured to "share" an IP address and where one is the master and one or more are slaves. In the event of a critical failure one of the slaves will become the master and clients will still have immediate uninterrupted access with no configuration changes.

Web Filter

Web Filter now displays a block page when blocking HTTPS even if HTTPS Inspector is not in use. Block page cert will not match, obviously, so user will have to accept the warning, but this is much better than just resetting the session.

Web Filter HTTPS blocking (without HTTPS Inspector) has been improved. Like 10.0 it will try to categorize HTTPS traffic via SNI first. However in 10.0 if no SNI was available it would try to categorize by IP which can be inaccurate. Now as a fallback it will categorize by fetching the certificate from the HTTPS site and categorizing the session based on the CN in the certificate which is far more accurate. If this process fails (very rare) then it will then fallback to IP-based categorization.

Captive Portal

Captive Portal now displays the capture page on HTTPS even if HTTPS Inspector is not in use. The capture page will require the user to accept a warning because the certificate will not match, but this is much better than just blocking the session.

Memory Conservation

Daemons (antivirus scanners, spam scanners, etc) are now only run if the application that requires them is running. This should save memory and resources in cases where users aren't running those applications which improves performance on low-memory servers.

Application Control

Added 94 new applications! Also improved skype blocking which (currently) effectively blocks skype communications.

Event Logs

Event Logs UI has been significantly improved.

  • Hiding and showing columns and all event logs have all possible columns values is now possible.
  • Filtering based on column values or any value is now available.
  • Global filtering is now available with "search" box
  • Querying for events via date range is now available.
  • The events are no longer paginated
  • The reports event logs now use the same event log viewer as the administration UI.

Other Changes

  • Logon script updated
  • Added support for my dynamic DNS services (#3153)
  • PPTP (tcp port 1723) is now bypassed by default (on new installations).
  • SNMP is now allowed on non-WANs by default (on new installations).
  • removed default Application Control Lite signatures (details here)
  • Added an bridge STP option (#11387)
  • Add "register-dns" to OpenVPN configuration (#11483)
  • Moved to java7 update21
  • Moved to extjs 4.2.2
  • Moved to tomcat 7
  • Changed email test to return actual result of mail relay.
  • Fixed MTU issue
  • Improved Ad Blocker performance
  • Many other small fixes and improvements