Release Notes CSG 7.0.2

Collax Security Gateway
13.02.2017

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

Security: Linux Kernel 4.4.44

Collax Server 7 is based on the long time support (LTS) Kernel 4.4. It provides better hardware support und more security fixes und is supported until Februar 2018.

Security: Important security relevant System Components

This update will also install/update the following important system components:

  • zlib1g 1.2.11
  • libgd2 2.2.4
  • libpng3 1.6.27
  • kernel 4.4.50
  • gnutls 3.3.26
  • openssl 1.0.2k
  • socat 1.7.3.1
  • bind 9.9.9.5
  • curl 7.52.1
  • ntpd 4.2.8p9
  • openssh 7.4p1
  • samba 4.3.13
  • squid 3.5.23

Security: Amavis - Filter engine and Virus notification

AMaViS (A Mail Virus Scanner) is a high-performance and reliable interface between the mailer (MTA) and one or more virus scanners. The inspection of emails will now result in a more detailled description of the virus and the used scanengine in the virus notification email and the system logfile.

GUI: Clean-up form history and popups

In the dialog “Clean-up” in the menu Status->Toolbox->Clean-up it is possible to remove the browserdata saved by the GUI. Its the form history and the form popups.

Hardware: Additional hardware support for NVMe-devices

This update brings support for NVM Express (NVMe) Devices.

Issues Fixed in this Version

GUI: Revoke certificates

Using the action “Revoke Certificates” the certificate is deleted and entered in the CRL (Certificate Revocation List) for the CA. From this time on, the certificate is blocked on the Collax Security Gateway. In this juncture the GUI output details have been to small. With this release we maximize it to the uses screen view.

GUI: Intranet Wizard

The configuration of the Intranet Wizard lead to an error under vertain circumstances when saving the Nameserver form. This is going to be fixed within this release.

GUI: Add hosts to Network group

A Network groupd can consist of a network and mutliple hosts. Within this update its possible to add a host to a Network group directly within the dialog of the network group via a multilist element.

E-Mail: Fetchmail - Retrieval times

You can determine multiple times and intervals for executing the defined jobs for retrieving mail from external mailboxes through the dialog “Retrieval Times”. This lead to an error in the generated configuration file so that retrieving e-mail from external mailboxes didn’t work. This is going to be fixed within this update.

Net: Forwarding of multiple destination ports

In the form Networking -> Firewall -> DNAT/Port Forwarding services can be forwarded to multiple destination ports. The forwarding of services with multiple destination ports lead to an error in the configuration. Within this release services with multiple destination ports are forwarded correctly.

Port forwardings are used to forward incoming requests to a different server. If a port forwardig was restricted to a PPPoE-link, it didn’t work correctly. This ist going to be fixed with this software update.

Net: Bonding ethernet ports

After creating new ethernet bonding ports, the link could not be started because of a missing startscript. This ist going to be fixed with this software update.

Net: MTU calculation

Because of a bad MTU calculation, the Internetlink could not be started under certain circumstances after the Upgrade to Release V7. This ist going to be fixed with this software update.

Under certain circumstances the link scripts for PPtP had an bug, so that the daemon for PPtP could not start. This update fixes this bug.

Network connections from type Ethernet are defined by an IP-address and the physically connected, reachable network. If the netmask of the network was /32, the connection wasn’t established. Within this release, this case is respected.

VPN: IPSec L2TP form

When creating new VPN-Connections, it could lead to an error in the ipsec.secrets file after saving the IPSec form. This is going to be fixed with this update.

VPN: IPSec startscript

When creating new VPN-Connections, it could lead to an error in the vpn startscript configuration. This is going to be fixed with this update.

Backup/Restore: Backup Target Server changed to fake FQDN

After the upgrade the backup target server setting had been changed to a wrong FQDN. In this case, the backup job couldn’t proceed successfully. With this version, the backup target server is going to be changed preferably to the IP address originally set. Thereafter the backup jobs can proceed correct.

Misc: Awstats and DNS Caching

In this update a mechanism for caching Hostnames and IP addresses has been fixed, so that the information is beeing updated instead of showing the old cached values.

Notes

Hardware: HP Smart Array CCISS Driver

The existing Smart Array CCISS-driver is replaced with the new HP Smart Array SCSI (HPSA) driver during the upgrade.