Release Notes CSG 7.2.26
Collax Security Gateway
23.01.2024
Installation Notes
Update Instructions
To install this update please follow the following steps:
Procedure
- It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
- In the administration interface go to Menu → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
- Click Get Packages to download the update packages.
- Click Install. This installs the update. The end of this process is indicated by the message Done!.
- A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.
New in this version
System management: Linux LTS kernel 6.6.12
This update installs the Linux LTS kernel (LTS: Long Term Support) 6.6.12. The Linux 6.6 kernel thus receives long-term support.
Mail: Authentication by sender domain
Authentication is usually required to use a relay server. However, if different mail domains are used for sending, Ionos specifically requires that authentication is carried out with an e-mail address from the same domain as the sender’s e-mail address. This update provides the option to store a separate authentication for the use of a relay server for each mail domain.
Mail: SMTP smuggling
The term SMTP smuggling was used to describe a way of sending emails with a forged sender address. This exploited the fact that the completion of a mail transmission is not sufficiently checked by some receiving mail servers. With this update, all emails with an incorrect sequence are blocked. If there are devices or applications in the company that do not send correctly, there is an option to configure exceptions.
Further information can be found here.
Notes
Additional software: Bitdefender - Proxy for updates
The virus pattern updates are carried out according to a set cycle. For the pattern update of the Bitdefender virus and spam filter, the use of an http proxy is currently not possible.
Additional software: Bitdefender - pattern update after start-up
After the start-up of the Collax Antivirus powered by Bitdefender module, it may take a few minutes until the current virus patterns have been downloaded. If you click on Update Bitdefender in the virus scanner form during this time, an error message “Error connecting to server at /opt/lib/bitdefender//bdamsocket: -3” appears, because the background process has not yet been fully executed.
GUI: Running Jobs Hang Sporadically
The progress of the configuration jobs is displayed in the upper right corner of the web administration. In the case of extensive changes in the area network, especially in the area of country locks (geo-ip), the job display of the activation can hang in rare cases and lead to a timeout. For updates up to release 7.2.14, the message “ipset v7.11: Set cannot be destroyed: it is in use by a kernel component” also appeared. which could lead to uncertainty. The changes are all correctly applied and this is only a cosmetic problem. Until the error is completely fixed, you can help yourself by reloading the browser window.
VPN: Fix for IKEv2 with Microsoft Windows breaks after 7.6 hours
VPN connections with IKEv2 and the on-board tools of Microsoft Windows are interrupted after exactly after exactly 7.6 hours. The error occurs because Microsoft Windows suggests different algorithms during the IKE re-encryption than during the first first connection. The problem can be solved with a registry fix, by changing the value “NegotiateDH2048_AES256” under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters to 1 is set to 1.
Under the following Link you will find a REG file (registry entry) which adds the registry key. Collax accepts no liability for system errors resulting from this.