KKeine Bearbeitungszusammenfassung |
KKeine Bearbeitungszusammenfassung |
||
| Zeile 34: | Zeile 34: | ||
:Administrations-Webinterface: | :Administrations-Webinterface: | ||
* [[UTM/VPN/WireGuard|Wireguard Verbindungen]] sind nun deaktivierbar | * [[UTM/VPN/WireGuard|Wireguard Verbindungen]] sind nun deaktivierbar | ||
* Beim User Interface wurde die [[UTM/UI/E-Mail_Verwaltung|E-Mail Verwaltung]] optimiert | <!-- * Beim User Interface wurde die [[UTM/UI/E-Mail_Verwaltung|E-Mail Verwaltung]] optimiert--> | ||
* Im Installationsassistenten kann nun [[UTM/CONFIG/Installationsassistent|DNS Forwarding]] konfiguriert werden | * Im Installationsassistenten kann nun [[UTM/CONFIG/Installationsassistent|DNS Forwarding]] konfiguriert werden | ||
| Zeile 112: | Zeile 112: | ||
| Nun - wir haben so grundlegende Neuerungen eingebaut, daß hier ein Versionssprung durchaus zu rechtfertigen ist.<p>Und auch wenn wir kein Problem damit hätten: Manch einem Endkunden mag es unangenehm sein eine vermeintliche Unglückszahl in der Versionsnummer auf seinen Geräten zu haben… </p> | | Nun - wir haben so grundlegende Neuerungen eingebaut, daß hier ein Versionssprung durchaus zu rechtfertigen ist.<p>Und auch wenn wir kein Problem damit hätten: Manch einem Endkunden mag es unangenehm sein eine vermeintliche Unglückszahl in der Versionsnummer auf seinen Geräten zu haben… </p> | ||
| }} | | }} | ||
{{var | Build 14.0.0.1--desc | {{var | Build 14.0.0.1--desc | ||
| * WLAN Widget funktionierte nicht mehr korrekt | | * WLAN Widget funktionierte nicht mehr korrekt | ||
| Zeile 182: | Zeile 183: | ||
;Feature: | ;Feature: | ||
* As of the upcoming USP Portal 2.0 beta, [ | * As of the upcoming USP Portal 2.0 beta, [{{#var:host}}USC/VPN/Konfiguration VPN configurations] can be published on appliances | ||
* VPN configuration from the USC can be deactivated in the [ | * VPN configuration from the USC can be deactivated in the [{{#var:host}}UTM/USC USP dialog] | ||
* Alert added if a database conversion problem occurs during a configuration import | * Alert added if a database conversion problem occurs during a configuration import | ||
* Connection of card terminals is possible with the new [ | * Connection of card terminals is possible with the new [{{#var:host}}UTM/APP/TI_Proxy TI proxy] | ||
* New wizard for [ | * New wizard for [{{#var:host}}UTM/NET/Cluster#Cluster_configuration cluster configurations] available | ||
:Administration web interface: | :Administration web interface: | ||
* Tables can now be displayed in additional styles, have paging, maximum height settings and an [ | * Tables can now be displayed in additional styles, have paging, maximum height settings and an [{{#var:host}}UTM/Tools associated configuration menu] | ||
* A [ | * A [{{#var:host}}UTM/Tools new dialog for configuring the global table settings] has been added to the navigation | ||
* For expandable tables, which entries are expanded is persisted | * For expandable tables, which entries are expanded is persisted | ||
* Tables retain their scroll position and their current page even when reloaded | * Tables retain their scroll position and their current page even when reloaded | ||
* Tables are now loaded much more efficiently - especially when paging is active | * Tables are now loaded much more efficiently - especially when paging is active | ||
* It is ensured that cell contents are always in the visible area when scrolling | * It is ensured that cell contents are always in the visible area when scrolling | ||
* extc Runtimevars can be viewed in the [ | * extc Runtimevars can be viewed in the [{{#var:host}}UTM/EXTRAS/Erweiterte_Einstellungen#Extc-Variables advanced settings] | ||
* [ | * [{{#var:host}}UTM/NET/Ethernet#Settings Interface options] for duplex and speed are always visible | ||
* The [ | * The [{{#var:host}}UTM/UI/E-Mail_Verwaltung#Email_Overview applied filter rule/selector] is now also displayed for accepted mails | ||
* [ | * [{{#var:host}}UTM/NET/Servereinstellungen#Time_Settings Multiple NTP servers] are configurable | ||
* General system information and log files can be downloaded as a compressed file directly in the [ | * General system information and log files can be downloaded as a compressed file directly in the [{{#var:host}}UTM/AUTH/Benutzerverwaltung#Support_User support user dialog] | ||
* The source IP can be selected in the [ | * The source IP can be selected in the [{{#var:host}}UTM/NET/Netzwerkwerkzeuge#Traceroute traceroute network tool] | ||
* [ | * [{{#var:host}}UTM/NET/Cluster#neu--sync Warnings about unsynchronized clusters] are displayed | ||
* [ | * [{{#var:host}}UTM/RULE/Paketfilter#Log Rules can be assigned aliases] that can be used to filter the weblog | ||
* Display of inherited [ | * Display of inherited [{{#var:host}}UTM/AUTH/Benutzerverwaltung#Permissions user authorizations] has been extended | ||
* The [ | * The [{{#var:host}}UTM/APP/mDNS-Repeater MDNS repeater] now has its own menu entry in the applications | ||
* The [ | * The [{{#var:host}}UTM/APP/Mailfilter#General mail filter] can now be activated in more dialogs | ||
* Automatic generation of OTP codes has been optimized | * Automatic generation of OTP codes has been optimized | ||
* [ | * [{{#var:host}}UTM/UI/E-Mail_Verwaltung#Tags Multiple emails can be selected and tagged simultaneously] in the user interface (#39176) | ||
* The tour has been moved to the [ | * The tour has been moved to the [{{#var:host}}UTM/CONFIG/Konfigurationsverwaltung#Installationsassistent configuration dialog] | ||
:Alerting Center: | :Alerting Center: | ||
* [ | * [{{#var:host}}UTM/AlertingCenter#Notifications Alerts are displayed in the top right of the admin interface] | ||
* [ | * [{{#var:host}}UTM/AlertingCenter#Event-based_notifications Alerts for bond interface events] have been added | ||
:Other: | :Other: | ||
* ACLs in the reverse proxy are now validated | * ACLs in the reverse proxy are now validated | ||
* [ | * [{{#var:host}}UTM/NET/Cluster#Master_Cluster_Wizard_Step_4 Wireguard interfaces are marked and deactivated for cluster spares in backup mode] | ||
* Fallback interfaces are only used as fallback if they are also online | * Fallback interfaces are only used as fallback if they are also online | ||
* [ | * [{{#var:host}}UTM/VPN/IPSec-S2S#Step_2_-_General Grouping of subnet combinations] can be deactivated in the IPSec Wizard | ||
* [ | * [{{#var:host}}UTM/NET/Cluster-Management Cluster dialog] has been redesigned | ||
;Bugfixes | ;Bugfixes | ||
| Zeile 317: | Zeile 318: | ||
;Feature | ;Feature | ||
* OTP can now be activated for individual [ | * OTP can now be activated for individual [{{#var:host}}UTM/VPN/SSL_VPN-Roadwarrior#Step_5 SSL-VPN tunnel] | ||
;Bugfixes | ;Bugfixes | ||
| Zeile 387: | Zeile 388: | ||
;Features: | ;Features: | ||
* For new installations, nginx engine for the [ | * For new installations, nginx engine for the [{{#var:host}}UTM/APP/Reverse_Proxy reverse proxy] is configured by default | ||
* Additional port shares have been added to the [ | * Additional port shares have been added to the [{{#var:host}}UTM/RULE/Paketfilter#Service_groups Windows domain service group] | ||
* New [ | * New [{{#var:host}}SUB/Konfiguration#Ports service group] for Securepoint Unified Backup ports added | ||
* Viruscan Pattern for ''Securepoint Anitvirus Pro'' can be cached with the [ | * Viruscan Pattern for ''Securepoint Anitvirus Pro'' can be cached with the [{{#var:host}}UTM/APP/HTTP_Proxy HTTP proxy] | ||
* Description for detecting and labelling potentially forged links in emails has been revised in the administration web interface | * Description for detecting and labelling potentially forged links in emails has been revised in the administration web interface | ||
* Additional IPv6 ICMP types have been added for the [ | * Additional IPv6 ICMP types have been added for the [{{#var:host}}UTM/RULE/Paketfilter#Services packet filter] | ||
;Bugfixes: | ;Bugfixes: | ||
| Zeile 495: | Zeile 496: | ||
:New Features: | :New Features: | ||
* Rule engine iptables has been replaced by [ | * Rule engine iptables has been replaced by [{{#var:host}}UTM/RULE/Paketfilter nftables] | ||
* Recognition and labeling of [ | * Recognition and labeling of [{{#var:host}}UTM/APP/Mailfilter#Fake-Erkennung potentially forged links] in emails has been revised | ||
* Dryrun now performs an automatic rollback in the event of database conversion errors | * Dryrun now performs an automatic rollback in the event of database conversion errors | ||
* [ | * [{{#var:host}}UTM/APP/Reverse_Proxy Reverse proxy] with nginx now supports NTLM | ||
* It is possible to switch to the rules engine: ‘’nftables‘’ via CLI. | * It is possible to switch to the rules engine: ‘’nftables‘’ via CLI. | ||
* A new NGinx engine can be configured for the [ | * A new NGinx engine can be configured for the [{{#var:host}}UTM/APP/Reverse_Proxy reverse proxy] | ||
* Logging can be configured directly in the tabular view of the [ | * Logging can be configured directly in the tabular view of the [{{#var:host}}UTM/RULE/Paketfilter packet filter] | ||
* Static DHCP leases are grouped [ | * Static DHCP leases are grouped [{{#var:host}}UTM/RULE/Netzwerktopologie according to pools] | ||
* Color highlighting can be set for the [ | * Color highlighting can be set for the [{{#var:host}}UTM/Log log] | ||
* The [ | * The [{{#var:host}}UTM/EXTRAS/CLI CLI terminal] can be docked and resized in the administration web interface | ||
* [ | * [{{#var:host}}UTM/RULE/Implizite_Regeln Implicit rules] can be set via a tile-based view | ||
:Administration web interface: | :Administration web interface: | ||
* Wireguard connections can now also be created specifically for [ | * Wireguard connections can now also be created specifically for [{{#var:host}}UTM/VPN/WireGuard-S2E#Step_3_-_Peer locally configured users] | ||
* Validation of keys that are added to [ | * Validation of keys that are added to [{{#var:host}}UTM/VPN/WireGuard-S2E Wireguard connections] has been improved | ||
* The menu items [ | * The menu items [{{#var:host}}UTM/EXTRAS/Erweiterte_Einstellungen "Advanced Settings"] and "Templates" are now directly available | ||
* DHCP Relay has been extended by a debug mode | * DHCP Relay has been extended by a debug mode | ||
* Appliance display in the [ | * Appliance display in the [{{#var:host}}UTM/Widgets#Appliance widget] has been revised for larger devices | ||
* Local [ | * Local [{{#var:host}}UTM/CONFIG/Konfigurationsverwaltung configurations] can be copied | ||
* Zones are automatically filled in according to routes when creating network objects | * Zones are automatically filled in according to routes when creating network objects | ||
* Rules can also be copied for the [ | * Rules can also be copied for the [{{#var:host}}UTM/APP/Webfilter web filter] | ||
* Add dialog for IPv6 routes has been optimized | * Add dialog for IPv6 routes has been optimized | ||
* Optimization of the "Use DNS server from provider" function for [ | * Optimization of the "Use DNS server from provider" function for [{{#var:host}}UTM/NET/Mutlipathrouting multipath routing] | ||
* New warning is displayed when logging out and closing the browser tab if there are still unsaved changes | * New warning is displayed when logging out and closing the browser tab if there are still unsaved changes | ||
* Network objects and leases can be deleted in the [ | * Network objects and leases can be deleted in the [{{#var:host}}UTM/RULE/Netzwerktopologie network topology] | ||
* Warning is issued when activating [ | * Warning is issued when activating [{{#var:host}}UTM/NET/Cluster-Management cluster maintenance mode] via a web session | ||
:WireGuard: | :WireGuard: | ||
| Zeile 527: | Zeile 528: | ||
:Mailfilter: | :Mailfilter: | ||
* [ | * [{{#var:host}}UTM/UI/E-Mail_Verwaltung#Tags Tag system] has been adapted ({{alert}} Attention: It may happen that existing tags no longer work correctly. After re-adding a corresponding e-mail to a tag, the filter will work correctly again.) | ||
* All emails have their hash value entered in [ | * All emails have their hash value entered in [{{#var:host}}UTM/APP/Mailfilter#Mail-Header the header field] "X-Securepoint: FHASH" | ||
* Hash values are sent to Securepoint for evaluation | * Hash values are sent to Securepoint for evaluation | ||
| Zeile 610: | Zeile 611: | ||
:New Features: | :New Features: | ||
* Feature: Rule engine iptables has been replaced by [ | * Feature: Rule engine iptables has been replaced by [{{#var:host}}UTM/RULE/Paketfilter nftables] | ||
* Feature: Recognition and labeling of [ | * Feature: Recognition and labeling of [{{#var:host}}UTM/APP/Mailfilter#Fake-Erkennung potentially forged links] in emails has been revised | ||
* Feature: Dryrun now performs an automatic rollback in the event of database conversion errors | * Feature: Dryrun now performs an automatic rollback in the event of database conversion errors | ||
* Feature: [ | * Feature: [{{#var:host}}UTM/APP/Reverse_Proxy Reverse proxy] with nginx now supports NTLM | ||
:Administration web interface: | :Administration web interface: | ||
* Feature: Wireguard connections can now also be created specifically for [ | * Feature: Wireguard connections can now also be created specifically for [{{#var:host}}UTM/VPN/WireGuard-S2E#Step_3_-_Peer locally configured users] | ||
* Feature: Validation of keys that are added to [ | * Feature: Validation of keys that are added to [{{#var:host}}UTM/VPN/WireGuard-S2E Wireguard connections] has been improved | ||
* Feature: The menu items [ | * Feature: The menu items [{{#var:host}}UTM/EXTRAS/Erweiterte_Einstellungen "Advanced Settings"] and "Templates" are now directly available | ||
* Feature: DHCP Relay has been extended by a debug mode | * Feature: DHCP Relay has been extended by a debug mode | ||
* Feature: Appliance display in the [ | * Feature: Appliance display in the [{{#var:host}}UTM/Widgets#Appliance widget] has been revised for larger devices | ||
;Bugfixes: | ;Bugfixes: | ||
| Zeile 699: | Zeile 700: | ||
;Features: | ;Features: | ||
:New functions: | :New functions: | ||
* A new NGinx engine can be configured for the [ | * A new NGinx engine can be configured for the [{{#var:host}}UTM/APP/Reverse_Proxy reverse proxy] | ||
* Logging can be configured directly in the tabular view of the [ | * Logging can be configured directly in the tabular view of the [{{#var:host}}UTM/RULE/Paketfilter packet filter] | ||
* Static DHCP leases are grouped [ | * Static DHCP leases are grouped [{{#var:host}}UTM/RULE/Netzwerktopologie according to pools] | ||
* Color highlighting can be set for the [ | * Color highlighting can be set for the [{{#var:host}}UTM/Log log] | ||
* The [ | * The [{{#var:host}}UTM/EXTRAS/CLI CLI terminal] can be docked and resized in the administration web interface | ||
* [ | * [{{#var:host}}UTM/RULE/Implizite_Regeln Implicit rules] can be set via a tile-based view | ||
:Administration web interface: | :Administration web interface: | ||
* Local [ | * Local [{{#var:host}}UTM/CONFIG/Konfigurationsverwaltung configurations] can be copied | ||
* Zones are automatically filled in according to routes when creating network objects | * Zones are automatically filled in according to routes when creating network objects | ||
* Rules can also be copied for the [ | * Rules can also be copied for the [{{#var:host}}UTM/APP/Webfilter web filter] | ||
* Add dialog for IPv6 routes has been optimized | * Add dialog for IPv6 routes has been optimized | ||
* Optimization of the "Use DNS server from provider" function for [[UTM/NET/Mutlipathrouting | * Optimization of the "Use DNS server from provider" function for[{{#var:host}}[UTM/NET/Mutlipathrouting multipath routing] | ||
* New warning is displayed when logging out and closing the browser tab if there are still unsaved changes | * New warning is displayed when logging out and closing the browser tab if there are still unsaved changes | ||
* Network objects and leases can be deleted in the [ | * Network objects and leases can be deleted in the [{{#var:host}}UTM/RULE/Netzwerktopologie network topology] | ||
* Warning is issued when activating [ | * Warning is issued when activating [{{#var:host}}UTM/NET/Cluster-Management cluster maintenance mode] via a web session | ||
:WireGuard: | :WireGuard: | ||
| Zeile 721: | Zeile 722: | ||
:Mailfilter: | :Mailfilter: | ||
* [ | * [{{#var:host}}UTM/UI/E-Mail_Verwaltung#Tags Tag system] has been adapted ({{alert}} Attention: It may happen that existing tags no longer work correctly. After re-adding a corresponding e-mail to a tag, the filter will work correctly again.) | ||
* All emails have their hash value entered in [ | * All emails have their hash value entered in [{{#var:host}}UTM/APP/Mailfilter#Mail-Header the header field] "X-Securepoint: FHASH" | ||
* Hash values are sent to Securepoint for evaluation | * Hash values are sent to Securepoint for evaluation | ||
| Zeile 762: | Zeile 763: | ||
{{var | 12.6.4-SSL-Client--Workaorund | {{var | 12.6.4-SSL-Client--Workaorund | ||
| Bearbeitung über das [[UTM/CLI/Openvpn | CLI]] oder [[UTM/EXTRAS/Firmware_Update#Rollback | Rollback]] auf die vorherige Version. | | Bearbeitung über das [[UTM/CLI/Openvpn | CLI]] oder [[UTM/EXTRAS/Firmware_Update#Rollback | Rollback]] auf die vorherige Version. | ||
| Editing via the [ | | Editing via the [{{#var:host}}UTM/CLI/Openvpn CLI] or [{{#var:host}}UTM/EXTRAS/Firmware_Update#Rollback Rollback] to the previous version. }} | ||
{{var | Build 12.6.4--desc | {{var | Build 12.6.4--desc | ||
| Zeile 832: | Zeile 833: | ||
;Features: | ;Features: | ||
:Administration web interface: | :Administration web interface: | ||
* [ | * [{{#var:host}}USC/Profile#Hinweis_USC-Profil USC profile function] can now be activated | ||
* In the [ | * In the [{{#var:host}}UTM/AUTH/Datenschutz data protection dialog], the anonymization of applications can now be activated and deactivated collectively | ||
* When the [ | * When the [{{#var:host}}UTM/NET/Cluster-Management cluster configuration] is activated, the administration web interface clearly distinguishes between the active and passive cluster | ||
* Behavior of the [ | * Behavior of the [{{#var:host}}UTM/APP/Mailfilter#Mail_archive mail filter TNEF processing] can be set more specifically | ||
* The [ | * The [{{#var:host}}UTM/Widgets#Optional_Widgets DHCP widget] is no longer supported and contains a link to the new network topology dialog | ||
* Static leases can be viewed in the [ | * Static leases can be viewed in the [{{#var:host}}UTM/RULE/Netzwerktopologie network topology dialog] | ||
* Automatic firmware updates can now also be used when [ | * Automatic firmware updates can now also be used when [{{#var:host}}UTM/EXTRAS/Firmware_Update#Planning_update USC is activated] | ||
:Other: | :Other: | ||
* [{{#var:host}}UTM/APP/Connection-Rate-Limit Throttling for incoming UDP and TCP packets] can be configured via the CLI and is activated for UDP on the external interface for new installations | * [{{#var:host}}UTM/APP/Connection-Rate-Limit Throttling for incoming UDP and TCP packets] can be configured via the CLI and is activated for UDP on the external interface for new installations | ||
* [ | * [{{#var:host}}UTM/NET/SNMP-OIDs#SECUREPOINT-UTM.mib SNMP queries] for an IPSec connection with multiple subnets are now possible | ||
* The scope of the [ | * The scope of the [{{#var:host}}UTM/UI/WOL Wake on LAN] function has been optimized | ||
;Bugfixes: | ;Bugfixes: | ||
| Zeile 892: | Zeile 893: | ||
| ;Features: | | ;Features: | ||
New features: | New features: | ||
* [ | * [{{#var:host}}UTM/Tools Dark Mode] available | ||
* [ | * [{{#var:host}}UTM/NET/Bond Bond configuration] for Ethernet interfaces | ||
* OpenVPN: Support of TLS-Crypt for [ | * OpenVPN: Support of TLS-Crypt for [{{#var:host}}UTM/VPN/SSL_VPN-Roadwarrior#Edit_connection Roadwarrior] and [{{#var:host}}UTM/VPN/SSL_VPN-S2S#Section_General S2S] | ||
* [ | * [{{#var:host}}UTM/NET/Cluster-Management#Configuration Interface check] before cluster synchronization | ||
Updates: | Updates: | ||
* [ | * [{{#var:host}}UTM/NET/Cluster-Management#Configuration Cluster-Syncronization] of virus patterns, mail archive hashes (spam) and the GEO-IP list | ||
* [ | * [{{#var:host}}UTM/NET/SNMP-OIDs#WireGuard Wireguard Status via SNMP] readable | ||
* [ | * [{{#var:host}}UTM/APP/IGMP_Proxy#Whitelist Allowlist in IGMP proxy] configurable | ||
Other: | Other: | ||
* Layout of [ | * Layout of [{{#var:host}}UTM/APP/SSL-Interception Selection of SSL Interception] has been revised for the HTTP proxy | ||
* Units in QoS can be set in Gbit/s | * Units in QoS can be set in Gbit/s | ||
* IKEv1 protocol is marked as obsolete (IPSec) | * IKEv1 protocol is marked as obsolete (IPSec) | ||
| Zeile 1.038: | Zeile 1.039: | ||
:New functions: | :New functions: | ||
* Static IPv6 routes with a gateway IP can be assigned directly to an interface | * Static IPv6 routes with a gateway IP can be assigned directly to an interface | ||
* When changing interfaces, affected [{{#var:host}}UTM/NET/Ethernet#Create_an_Ethernet_interface | * When changing interfaces, affected [{{#var:host}}UTM/NET/Ethernet#Create_an_Ethernet_interface network objects] can be adapted dynamically | ||
* Router Advertisement allows you to set whether both IPv4 and IPv6 addresses should be assigned for the respective interface or only IPv4 | * Router Advertisement allows you to set whether both IPv4 and IPv6 addresses should be assigned for the respective interface or only IPv4 | ||
* Radius timeout for SSL-RW OpenVPN connections can be configured via CLI | * Radius timeout for SSL-RW OpenVPN connections can be configured via CLI | ||
| Zeile 1.186: | Zeile 1.187: | ||
;Features | ;Features | ||
:Operating System: | :Operating System: | ||
* [ | * [{{#var:host}}UTM/AUTH/Zertifikate SSL legacy support] can now be configured via webinterface. It is not recommended to use this option | ||
* IPv4/IPv6 route hints can now be assigned even if the respective other ip version is configured for dhcp | * IPv4/IPv6 route hints can now be assigned even if the respective other ip version is configured for dhcp | ||
:USC / USR: | :USC / USR: | ||
* UTMs without a public address, that are connected to the portal, can now be connected to via websession | * UTMs without a public address, that are connected to the portal, can now be connected to via websession | ||
* [ | * [{{#var:host}}USC/Websession#Websession_with_UTM_up_to_v12.5.0 Websessions] can now be used by other users when there is no "admin" | ||
:Wireguard: | :Wireguard: | ||
* [ | * [{{#var:host}}UTM/AUTH/Benutzerverwaltung Endpoint port] can now be changed during the wireguard wizard | ||
:Mailconnector: | :Mailconnector: | ||
* TLS Version can now be changed for [ | * TLS Version can now be changed for [{{#var:host}}UTM/APP/Mail_Connector#Services mailconnector] connections | ||
:Alerting Center | :Alerting Center | ||
* DKIM can now be activated for [ | * DKIM can now be activated for [{{#var:host}}UTM/APP/Mailrelay#Signing alerting center mails] | ||
:Administrations-Webinterface: | :Administrations-Webinterface: | ||
* When configuring [ | * When configuring [{{#var:host}}UTM/AUTH/AD_Anbindung AD/LDAP] you can now use the same LDAP attribute for multiple local attributes | ||
:Other: | :Other: | ||
* Option added to [ | * Option added to [{{#var:host}}UTM/VPN/SSL_VPN-Roadwarrior#Advanced SSL-VPN] connections to allow multiple roadwarriors to connect using the same credentials | ||
;Bugfixes | ;Bugfixes | ||
* Error fixed that could lead to sensitive data being shown in the audit log | * Error fixed that could lead to sensitive data being shown in the audit log | ||
| Zeile 1.234: | Zeile 1.235: | ||
:<u>Operating System:</u> | :<u>Operating System:</u> | ||
* [[UTM/EXTRAS/Firmware_Update#Firmware_Update | Automatische Firmware Updates]] können nun lokal konfiguriert werden | * [[UTM/EXTRAS/Firmware_Update#Firmware_Update | Automatische Firmware Updates]] können nun lokal konfiguriert werden | ||
* [[UTM/AUTH/AD_Anbindung# | * [[UTM/AUTH/AD_Anbindung#UTM_mit_Entra_ID_anbinden | Azure]] kann nun zur Benutzerverwaltung angebunden werden<br><i class="fal fa-construction"></i> Known Issue: Das Mailrelay funktioniert noch nicht mit Azure Benutzer Konten<br><i class="fal fa-construction"></i> Known Issue: Azure Benutzer mit MFA Login können nicht verwendet werden | ||
* Zu der vorhandenen Fail2ban Funktion, wurde eine weitere Sicherung eingebaut um falsche[[UTM/Administration#Begrenzung_/_Drosselung_der_Login-Versuche | Login-Versuche]] zu drosseln | * Zu der vorhandenen Fail2ban Funktion, wurde eine weitere Sicherung eingebaut um falsche[[UTM/Administration#Begrenzung_/_Drosselung_der_Login-Versuche | Login-Versuche]] zu drosseln | ||
:<u>USC / USR:</u> | :<u>USC / USR:</u> | ||
| Zeile 1.247: | Zeile 1.248: | ||
* Option um Verbindungsorientiere [[UTM/APP/HTTP_Proxy#Allgemein | Microsoft-Authentifizierung]] weiterzuleiten lässt sich konfigurieren | * Option um Verbindungsorientiere [[UTM/APP/HTTP_Proxy#Allgemein | Microsoft-Authentifizierung]] weiterzuleiten lässt sich konfigurieren | ||
:<u>DHCP:</u> | :<u>DHCP:</u> | ||
* Ein [[UTM/NET/DHCP_Server-v4# | * Ein [[UTM/NET/DHCP_Server-v4#Einstellungen_-_DHCP_Optionen | next-server]] lässt sich nun bei DHCP Verbindungen einstellen | ||
:<u>Mailconnector:</u> | :<u>Mailconnector:</u> | ||
* [[UTM/APP/Mail_Connector#Dienste | Prüfung von Zertifikaten]] ist nun konfigurierbar | * [[UTM/APP/Mail_Connector#Dienste | Prüfung von Zertifikaten]] ist nun konfigurierbar | ||
| Zeile 1.279: | Zeile 1.280: | ||
:<u>Operating System:</u> | :<u>Operating System:</u> | ||
* Automatic system updates can now be configured local | * Automatic system updates can now be configured local | ||
* [ | * [{{#var:host}}UTM/AUTH/AD_Anbindung#Connect_UTM_with_Entra_ID Azure] can now be used for user management | ||
* Known Issue: The mailrelay is not operable with azure users yet | * Known Issue: The mailrelay is not operable with azure users yet | ||
* Known Issue: Azure users with MFA login can not be used yet | * Known Issue: Azure users with MFA login can not be used yet | ||
* A limit for failed [ | * A limit for failed [{{#var:host}}UTM/Administration#Limitation_/_throttling_of_login_attempts login attempts] was implemented | ||
:<u>USC / USR:</u> | :<u>USC / USR:</u> | ||
* A [ | * A [{{#var:host}}USC/Websession#Websession websession] can now be secured with a PIN | ||
* Known Issue: Websession login via user login mask is not yet operational and will be implemented by version 12.5.2 | * Known Issue: Websession login via user login mask is not yet operational and will be implemented by version 12.5.2 | ||
:<u>IPSec:</u> | :<u>IPSec:</u> | ||
* [ | * [{{#var:host}}UTM/VPN/IPSec-S2S#IKEv2 Rekeying and lifetime] will be adapted for better compatibility with an update to version 12.5.0 | ||
:<u>WireGuard:</u> | :<u>WireGuard:</u> | ||
* [ | * [{{#var:host}}UTM/Widgets#WireGuard WireGuard widget] will now show user assigned connections with status | ||
:<u>Cluster:</u> | :<u>Cluster:</u> | ||
* Cluster [ | * Cluster [{{#var:host}}UTM/NET/Cluster-Management#Maintenance_Mode maintenance mode] can now be toggled in the new management tab | ||
:<u>HTTP Proxy:</u> | :<u>HTTP Proxy:</u> | ||
* Option to forward [ | * Option to forward [{{#var:host}}UTM/APP/HTTP_Proxy#General Microsoft connection oriented authentication] was added | ||
:<u>DHCP:</u> | :<u>DHCP:</u> | ||
* DHCP server can now be configured with a [ | * DHCP server can now be configured with a [{{#var:host}}UTM/NET/DHCP_Server-v4#Options_-_DHCP_Optionen next-server] | ||
:<u>Mailconnector:</u> | :<u>Mailconnector:</u> | ||
* Verification of certificates can now be configured | * Verification of certificates can now be configured | ||
:<u>Mailfilter:</u> | :<u>Mailfilter:</u> | ||
* A new category "Unknown/Unbekannt" was added to the [ | * A new category "Unknown/Unbekannt" was added to the [{{#var:host}}UTM/APP/Webfilter#Add_Rule web- and mailfilter] | ||
:<u>Alerting Center:</u> | :<u>Alerting Center:</u> | ||
* [ | * [{{#var:host}}UTM/AlertingCenter#Event-based_notifications A new alert] was added for failed websession PIN verifications | ||
:<u>Administrations-Webinterface:</u> | :<u>Administrations-Webinterface:</u> | ||
* Adding a new network object using [ | * Adding a new network object using [{{#var:host}}UTM/NET/PPPoE PPPoE and VDLS] was merged | ||
* Expiration date of imported CRLs is now shown | * Expiration date of imported CRLs is now shown | ||
* Passwords can now be toggled visible | * Passwords can now be toggled visible | ||
* [ | * [{{#var:host}}UTM/AUTH/Zertifikate#Export_certificates_/_CAs Export destination] selection for keys was improved | ||
:<u>Other:</u> | :<u>Other:</u> | ||
* New installations have the implied rule "Disable Hide NAT" activated by default | * New installations have the implied rule "Disable Hide NAT" activated by default | ||
| Zeile 1.488: | Zeile 1.489: | ||
* In [{{#var:host}}UTM/CONFIG/Installationsassistent#Step_7_-_Certificate Step 7] CA and server certificates can be generated directly via the wizard | * In [{{#var:host}}UTM/CONFIG/Installationsassistent#Step_7_-_Certificate Step 7] CA and server certificates can be generated directly via the wizard | ||
:<u>Portfilter:</u> | :<u>Portfilter:</u> | ||
* [{{#var:host}}UTM/RULE/Portfilter# Portfilter_rule Portfilter rules] can now be copied individually in the user interface | * [{{#var:host}}UTM/RULE/Portfilter#Portfilter_rule Portfilter rules] can now be copied individually in the user interface | ||
* For network objects the number of available pages is displayed | * For network objects the number of available pages is displayed | ||
* Newly created network objects are added before the GeoIP network objects | * Newly created network objects are added before the GeoIP network objects | ||
| Zeile 1.651: | Zeile 1.652: | ||
* '''Security Bugfix:''' ClamAV updated ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434 CVE-2022-37434], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303 CVE-2022-40303], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304 CVE-2022-40304]) | * '''Security Bugfix:''' ClamAV updated ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434 CVE-2022-37434], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303 CVE-2022-40303], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304 CVE-2022-40304]) | ||
* Maintenance: USR log-messages were adapted for the new SSL interception | * Maintenance: USR log-messages were adapted for the new SSL interception | ||
* Feature: OAuth2 Provider for Google Workspace and Microsoft 365 can now be configured for the [ | * Feature: OAuth2 Provider for Google Workspace and Microsoft 365 can now be configured for the [{{#var:host}}UTM/APP/Mail_Connector#OAuth_2 mailconnector] | ||
* Feature: [ | * Feature: [{{#var:host}}UTM/VPN/IPSec-DHCP IPSec] capabilities added: DHCP/virtual IPs, broadcast, EAP-TLS and EAP-MSCHAPv2 | ||
* Feature: [ | * Feature: [{{#var:host}}UTM/VPN/IPSec-S2E#General_2 Mobike] now toggleable via ui for IPSec | ||
* Feature: [{{#var:host}}UTM/AUTH/Schluessel Keys exported from the ui] are now automatically prefixed with priv or pub based on type | * Feature: [{{#var:host}}UTM/AUTH/Schluessel Keys exported from the ui] are now automatically prefixed with priv or pub based on type | ||
* Bugfix: DHCP-relay was inoperable when using 10GBe-plug-ins | * Bugfix: DHCP-relay was inoperable when using 10GBe-plug-ins | ||
| Zeile 1.673: | Zeile 1.674: | ||
* '''Security Bugfix:''' Kernel update ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41674 CVE-2022-41674], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42719 CVE-2022-42719], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42720 CVE-2022-42720], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42721 CVE-2022-42721], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42722 CVE-2022-42722]) | * '''Security Bugfix:''' Kernel update ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41674 CVE-2022-41674], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42719 CVE-2022-42719], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42720 CVE-2022-42720], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42721 CVE-2022-42721], [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42722 CVE-2022-42722]) | ||
* '''Security Bugfix:''' Squid service update ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41318 CVE-2022-41318]) | * '''Security Bugfix:''' Squid service update ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41318 CVE-2022-41318]) | ||
* Maintenance: [ | * Maintenance: [{{#var:host}}VPN VPN Client] updated | ||
* Bugfix: Traceroute with IPv6 was not possible over UI | * Bugfix: Traceroute with IPv6 was not possible over UI | ||
* Bugfix: Mails with a xlsx attachment couldn't be downloaded | * Bugfix: Mails with a xlsx attachment couldn't be downloaded | ||
| Zeile 1.932: | Zeile 1.933: | ||
* Bugfix: Fixed a bug where the search dialog did not work correctly anymore | * Bugfix: Fixed a bug where the search dialog did not work correctly anymore | ||
* Bugfix: Port filter rules with HIDENAT option now have the external interface as preselection again | * Bugfix: Port filter rules with HIDENAT option now have the external interface as preselection again | ||
* Maintenance: Default settings for first time installtions [ | * Maintenance: Default settings for first time installtions [{{#var:host}}UTM/APP/IDS-IPS#CDC Threat Intelligence Filter] changed to '''Log andblock connection''' }} | ||
{{var | 1=Build 12.2.2--desc | {{var | 1=Build 12.2.2--desc | ||
| Zeile 1.957: | Zeile 1.958: | ||
* Maintenance: Aktualisierungen der Appliance Bilder für RC340 | * Maintenance: Aktualisierungen der Appliance Bilder für RC340 | ||
| 3=* '''Security Bugfix:''' Kernel update. ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2022-0847 CVE-CVE-2022-0847]) | | 3=* '''Security Bugfix:''' Kernel update. ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2022-0847 CVE-CVE-2022-0847]) | ||
* Feature: Accesses to and through the UTM can now be filtered via [ | * Feature: Accesses to and through the UTM can now be filtered via [{{#var:host}}UTM/GeoIP GeoIP]. Familiarize yourself with the new feature here: [{{#var:host}}UTM/GeoIP UTM/GeoIP] | ||
* Feature: It is now possible to open Site-To-Site and Roadwarrior connections via [ | * Feature: It is now possible to open Site-To-Site and Roadwarrior connections via [{{#var:host}}UTM/VPN/WireGuard WireGuard]. | ||
* Feature: New hint dialog at login if [ | * Feature: New hint dialog at login if [{{#var:host}}UTM/NET/DHCP_Server-v4 DHCP Leases are not assigned to a pool]. | ||
* Feature: The URL filter [ | * Feature: The URL filter [{{#var:host}}UTM/APP/Mailfilter#URL-Filter in Mailfilter] and [{{#var:host}}UTM/APP/Webfilter in Webfilter] is now definable via regex and domains | ||
* Feature: A downloaded reseller preview update is marked accordingly in the firmware update dialog. | * Feature: A downloaded reseller preview update is marked accordingly in the firmware update dialog. | ||
* Feature: [ | * Feature: [{{#var:host}}UTM/FAQ#Determine_MAC_address MAC-addresses] are now displayed in the network configuration as a tooltip | ||
* Feature: New portlet in admin interface for hard disk temperatures | * Feature: New portlet in admin interface for hard disk temperatures | ||
* Feature: The [ | * Feature: The [{{#var:host}}UTM/AUTH/Captive_Portal_Benutzer Captive Portal User Expiration Date] can now be extended by 24 hour intervals | ||
* Feature: New [ | * Feature: New [{{#var:host}}UTM/APP/Mailfilter#Criteria Filter rule for trusted mailrelay users] is configurable in the mail filter | ||
* Feature: The interface for cluster configuration was redesigned | * Feature: The interface for cluster configuration was redesigned | ||
* Feature: A new priority group has been added to the Alerting Center (Level 5 Urgent Warning). | * Feature: A new priority group has been added to the Alerting Center (Level 5 Urgent Warning). | ||
* Feature: In the network tools there is now also a [ | * Feature: In the network tools there is now also a [{{#var:host}}UTM/NET/Netzwerkwerkzeuge Complete routing table] | ||
* Bugfix: In SOC the dialog for the first USC window could not be opened in the web interface | * Bugfix: In SOC the dialog for the first USC window could not be opened in the web interface | ||
* Bugfix: After factory reset the previous license was still active | * Bugfix: After factory reset the previous license was still active | ||
| Zeile 1.975: | Zeile 1.976: | ||
* Bugfix: In some circumstances the HTTP proxy was not working after a prolonged run-time | * Bugfix: In some circumstances the HTTP proxy was not working after a prolonged run-time | ||
* Maintenance: ClamAV virus scanning engine has been updated | * Maintenance: ClamAV virus scanning engine has been updated | ||
* Maintenance: Update of OpenVPN {{Alert}} Changes to [ | * Maintenance: Update of OpenVPN {{Alert}} Changes to [{{#var:host}}UTM/VPN/SSL_VPN-Roadwarrior#Encryption Cipher of default value] | ||
* Maintenance: Appliance image updates for RC340 }} | * Maintenance: Appliance image updates for RC340 }} | ||
| Zeile 2.208: | Zeile 2.209: | ||
;Netzwerkschnittstellen: | ;Netzwerkschnittstellen: | ||
:* Bezeichnung für die neue [ | :* Bezeichnung für die neue [{{#var:host}}UTM/Portbelegung#G5_-_2021/2022 UTM G5 Serie] angepasst | ||
| ;Let's Encrypt/ACME: | | ;Let's Encrypt/ACME: | ||
:* Creation and management of Let's Encrypt certificates using the [ | :* Creation and management of Let's Encrypt certificates using the [{{#var:host}}UTM/AUTH/Zertifikate-ACME ACME protocol] | ||
;Captive Portal: | ;Captive Portal: | ||
:* Complete redesign of the [ | :* Complete redesign of the [{{#var:host}}UTM/APP/Captive_Portal Captive Portals] | ||
:* The [ | :* The [{{#var:host}}UTM/APP/Captive_Portal#Branding Design] and the [{{#var:host}}UTM/APP/Captive_Portal#Translations Language] of the portal page is now customizable | ||
:* [{{#var:host}}UTM/AUTH/Benutzerverwaltung#Permissions New User Group] ''User inteface administrator'' to create and manage captive portal users | :* [{{#var:host}}UTM/AUTH/Benutzerverwaltung#Permissions New User Group] ''User inteface administrator'' to create and manage captive portal users | ||
;WLAN WPA3: | ;WLAN WPA3: | ||
:* for UTMs with WiFi support the [ | :* for UTMs with WiFi support the [{{#var:host}}UTM/NET/WLAN#WPA3 WPA3-protocol] is now supported | ||
;Packet filter: | ;Packet filter: | ||
:* It is possible to define [ | :* It is possible to define [{{#var:host}}UTM/RULE/Portfilter#Network_objects Network objects] in the packet filter configuration using hostnames or network objects with a dynamic prefix. | ||
;UEFI Support: | ;UEFI Support: | ||
| Zeile 2.234: | Zeile 2.235: | ||
;Network interfaces: | ;Network interfaces: | ||
:* Naming adapted for the new [ | :* Naming adapted for the new [{{#var:host}}UTM/Portbelegung#G5_-_2021/2022 UTM G5 series] }} | ||
{{var | Build 12.1.1 Reseller Preview, Maintenance--desc | {{var | Build 12.1.1 Reseller Preview, Maintenance--desc | ||
| | | | ||
UTM/Changelog.lang: Unterschied zwischen den Versionen
Aus Securepoint Wiki