|
 |
Deerfield.com > Support > WinRoute Firewall > Release Notes |
 |
|
Kerio WinRoute Firewall
*************************************** Legend: + Added feature * Improved/changed feature - Bug fixed *************************************** *************************************** Version 6.4.0 - September 17, 2007 *************************************** + User activity logs in StaR + Printer ready version of StaR + Improved overall throughput performance NAT was made more traversal + friendly for VoIP applications Added support for popular dynamic DNS + services Added URL based web exclusions from StaR Added support for + weekly quotas Added possibility to select users' preferred language *************************************** Version 6.3.0 - March 29, 2007 *************************************** Major new features: + Statistics and reporting (StaR) * Improved overall performance + Support for 64 bit systems + Support for Windows Vista * Improved P2P Eliminator *************************************** Version 6.2.3 - October 12, 2006 *************************************** + added support for Internet Explorer 7 to Kerio Clientless SSL-VPN - fixed corruption of configuration file when incorrect MAC address was entered in DHCP server configuration (This caused further changes to configuration to be mysteriously lost after reboot.) - fixed crash when a malformed DNS response is received - fixed crash when more than 3 custom forward DNS servers were specified - McAfee now works even if its subscription is expired (without updates though) - further fixes to video streaming (Amazon Music Sampler) - fixed malformed reverse DNS queries being incorrectly resolved to valid names - fixed missing error messages on unresponsive WWW sites - fixed "user transfer quota exceeded" alert being sent too often - fixed NOD32 plugin not working for SSL-VPN file transfers *************************************** Version 6.2.2 - August 7, 2006 *************************************** + added TCP MSS altering to work around nonworking PMTU discovery due to blocked ICMP (this typically fixes nonworking HTTPS pages on PPPoE connections) * Administration Console now remembers last view in IP Address Groups, DHCP Scopes and Leases, HTTP URL Groups, Time Ranges screens * cache memory size configuration value has been removed (the best value is now auto-detected) * the timeout for half-open TCP connections has been decreased - fixed deadlock in UPnP service if an interface goes up or down - in SSL-VPN downloaded files are now forced to be saved to disk instead of opened in IE - fixed creating of huge antivirus temporary files even though size limit was configured - fixed occasional WinRoute service crashes during system shutdown - fixed crashing when loading user configuration where no user has administrative rights - fixed opened Administration Console aborting normal system shutdown - fixed problem with temporary files occasionally remained on disk after the antivirus scanning - fixed a potential bug that antivirus process(es) won't start during WinRoute initialization - fixed national characters handling in the administrative password dialog in the installation wizard - fixed loading of web pages on nonstandard TCP ports when going through multiple proxies - fixed nonworking CNN pipeline stream videos - fixed possibility to remove some interface statistics for some interfaces - fixed IP addresses for hostnames in the traffic policy not being updated often enough - fixed old half-closed FTP connections through the firewall sometimes remaining open for very long times - antivirus scanning failures are now logged into security log - fixed client FTP connections not being correctly reset if virus was found during the transfer. - fixed FTP inspector could parse certain (illegal) responses incorrectly causing the affected connection to hang - fixed bandwidth limiter behaving incorrectly if the IP address group selected there was deleted - fixed inability to send mail through certain rare servers if TLS transfers are denied by WinRoute - fixed possible file corruption during antivirus scanning on chunked HTTP connections - fixed nonworking quarantine storage of infected files found in FTP transfers - fixed changes to the default SSL web interface TCP port of 4081 not being applied until restart of WinRoute - user manually imported from AD now have their email addresses imported (affects only newly imported users) - fixed file and folder icons failures to load when browsing FTP via the HTTP proxy server *************************************** Version 6.2.1 - May 3, 2006 *************************************** - fixed service crash in email protocol inspectors - fixed occasional high CPU usage of the service - fixed handling of HTTP/0.9 responses (this caused false positives of binary characters in HTTP headers) - fixed ignoring traffic policy rules when host names were used - fixed nonworking Windows Update via proxy server - fixed monthly rotation of logs * denial pages no longer use SSL (this caused unexpected SSL certificate warnings in browsers) * improved handling of ICMP destination unreachable messages (this sometimes caused VPN tunnels to stop working) + added ability to select custom port for SMTP relay server *************************************** Version 6.2.0 - March 23, 2006 *************************************** + Bandwidth Limiter + Dual anti-virus *************************************** Version 6.1.4 - January 5, 2006 *************************************** + added protection against the recent Windows metafiles vulnerability + TCP sequence numbers awareness * updated antivirus plugin for Eset NOD32 * ICSA certificate renewed - fixed DoS caused by improper data handling in HTML content filtering - fixed DoS when too long strings are fetched from Active Directory - fixed engine's inability to start due to improper loading of statistics - fixed HTML content filtering was sometimes incorrectly activated even if disabled - fixed application of antivirus scanning rules to certain file names - improved RTSP protocol inspector compatibility with certain servers - fixed removal of custom service could sometimes disable related traffic policy rules *************************************** Version 6.1.3 - November 10, 2005 *************************************** - fixed possible crash when trying to receive streams from certain RTSP servers - fixed possible hang when querying AD in some circumstances - fixed memory leak in Active Directory mapping - fixed filter errors in Active Directory queries - fixed possible successful authentication of users with disabled accounts - fixed local database users with "@" character in their login name were not able to login - fixed detection of RRAS demand-dial interfaces - fixed statistics sometimes showing negative/incorrect values - bookmarks on the SSL-VPN page are now correctly sorted - NTLM is now disabled for Opera browser * the MAC address/vendor database has been updated to be more accurate * Windows Firewall service is now disabled during the installation due to persisting conflicts *************************************** Version 6.1.2 - September 7, 2005 *************************************** + Russian translation of all user interfaces excluding admin console + Admin console now warns if a new traffic policy could disconnect it + All domain controllers may now be detected automatically * Windows Update HTTP rule was changed to work with current Windows Update - Wrong HTTP rules were sometimes applied immediately after user login - Possible crash after deleting user's statistics - Possible crash when in lack of system resources - Certain combination of routes to VPN tunnels could cause 100% CPU - Changing 'VPN Tunnel' to 'VPN Clients' in Traffic Policy could corrupt configuration - Scripts/ActiveX filtering often corrupted pages - Newly created group could be assigned wrong rights - Nested AD groups didn't work properly for primary groups - Account used to access AD database did not support non-ASCII characters - Quota counter was is not reset at the end of its time interval - Quota was not applied immediately when reached, only after several seconds - Mail temporary files were sometimes left on disk - Cannot open folder in SSL-VPN if its name contained an ampersand (&) - Admin console runtime error when deleting address group - "Error: function called with invalid parameters" when killing connections - Changes in configuration of users were not logged into config log - HTTP log did not log username for all requests - P2P alert message sometimes showed incorrect ports - Gzip encoding for HTTP servers in LAN was always turned off - Parent proxy password was unencrypted in configuration - VPN was not able to deliver very small fragmented UDP packets - Hibernation was not allowed even if VPN is not installed - Sometimes connection failover alert might not be sent - Alert messages in Spanish and Slovak were displayed as plain text only - Update checker didn't indicate failures *************************************** Changes in Kerio VPN Client: *************************************** + Russian translation - Autoconnect only works for the first server in advanced mode - Taskbar notification area messages were incorrectly formatted *************************************** Version 6.1.1 - July 15, 2005 *************************************** - Possible hang when hostnames are used in policies Possible crash when changing interface name Traffic policy corruption with certain interface names Possible temporary hang while sending messages to users Authentication of users when installed on a domain controller Active Directory mapping problems with nested groups Active Directory mapping problems with cross-domain group membership Authentication of users that are members of groups with national characters in names *************************************** Version 6.0.11 - April 7, 2005 *************************************** - fixed possible crash in RTSP protocol inspector - fixed possible crash on systems with more than 64 network interfaces - fixed several bugs in statistics calculation - fixed incorrect logging of broadcast packets in anti-spoofing - fixed several issues in the remote administration protocol *************************************** Version 6.0.10 - March 22, 2005 *************************************** - fixed possible crash when establishing / closing VPN connection (error 10038) - fixed possible hang of WinRoute service when changing SSL certificate for VPN server - fixed minor bugs in VPN server - fixed resource leak in SMTP protocol inspector with unconfigured relay (error 10035) - fixed collision with running ICF service on Microsoft Windows XP Service Pack 2 - fixed problem with setting user rights for installation directory on startup - fixed problem with DNS names in traffic rules and address groups - fixed crash caused by Avast module if it was simultaneusly used in both KWF and KMS - several minor improvements / bug fixes in SMTP protocol inspector - several minor bug fixes in Administration Console + protection of firewall host against Land attack packets * improved antivirus scanning of files being download using download managers *************************************** Version 6.0.9 - December 9, 2004 *************************************** - fixed possibility to poison DNS cache - fixed possible CPU/memory DoS in SMTP inspector - reduced access rights to WinRoute's directory - fixed handling of HEAD method in HTTP proxy server - fixed bad date in file names quarantine directory - blocking and logging of P2P traffic is now more accurate - invalid domain name in NT import no longer display local users - administration console now checks passwords for maximum length - administration console now behaves correctly if connection to the engine is lost - fixed up&down arrow buttons in Antivirus/HTTP scanning rules - transferred data for multimedia streams are now displayed correctly - improved logging of ISS orange filter categorization failures - removed SMTP NOTIFY extension from alert emails - SCCP (Cisco Skinny) protocol inspector now correctly handles conference calls - added ability to highlight certain lines of logs - support for hibernation (if VPN is not installed) *************************************** Version 6.0.8 - November 4, 2004 *************************************** - fixed nonfunctional user accounts that were imported from WinRoute Pro 4.x in the past *************************************** Version 6.0.7 - November 4, 2004 *************************************** * passwords for local users are now stored using stronger encryption * workaround for strange behavior of IE back button when dropping HTTP requests (e.g. ad-blocking HTTP rule is enabled) - fixed some HTTP and FTP rules not working randlomly - fixed non-working HTTP and Web log in upgraded installations - fixed FTP handling when configured to use parent proxy - VPN routes marked as 'unknown' no longer remain in the routing table - fixed possibility to edit int16 type options in DHCP server - fixed support for more than 255 routes in VPN - fixed crash of administration console in Status/Interfaces screen - actual traffic is now displayed correctly in statistics - fixed character coding in slovak version of web interface *************************************** Version 6.0.6 - October 7, 2004 *************************************** + HTTP, FTP, SMTP and POP3 inspectors now check JPEG files against the recent GDIPLUS.DLL vulnerability * Cobion OrangeFilter has been renamed to "ISS OrangeWeb Filter", functionality remains the same - fixed hanging of WinRoute service in DNS resolver - zero quotas are no longer ignored - fixed editing of inbound policy in the traffic wizard - alert when hanging up failover RAS line now displays line name correctly - fixed blocked communication after boot if Windows Firewall is detected on Windows XP SP2 - fixed handling of messages in SIP protocol inspection *************************************** Version 6.0.5 - September 27, 2004 *************************************** + VPN clients can now be configured with custom IP routes + VPN clients can now be assigned fixed IP addresses + resizeable traffic histograms * improved routing table screen in administration console - fixed conflict with 3rd party applications that install custom layered service providers - fixed boot problem on Windows 2000 - fixed handling of emails sent as attachment - fixed transfer rate bug in traffic histograms - fixed automatic login for IP address groups - denying of unscannable or corrupted files now works correctly - fixed blinking of text in logs - SSL certificates with national characters are now displayed correctly - fixed false installer complaint about WinRoute Pro being installed *************************************** Version 6.0.4 - August 19, 2004 *************************************** - fixed dropping of NAT connections when user logs in or out *************************************** Version 6.0.3 - August 17, 2004 *************************************** + support for Windows Security Center in Windows XP SP2 - fixed incorrect handling of TLS-secured POP3 and SMTP - dates in alert emails are now properly formated - traffic rules with interface source no longer permit packets from firewall - fixed file name matching in ftp policy when using MS IE as client - "Error: function called with invalid parameters" no longer appears when clearing a log *************************************** Version 6.0.2 - August 10, 2004 *************************************** + possibility to specify file size limit for antivirus + possibility to duplicate rule in HTTP/FTP policy + firewall can be excluded from quota actions * address group can be used for user automatic login * several minor improvements in administration console - fixed several bugs in SMTP protocol inspector and antivirus - fixed memory leak if DNS forwarder was disabled - fixed non working proxy if DNS forwarder was not configured - fixed crash when removing DHCP scope exclusion - fixed bug in SIP inspector - fixed minor bug in IRC protocol inspector - installer sometimes failed to update Kerio VPN Adapter driver and returned error 0x80070103 - fixed - Kerio VPN adapter sometimes lost it's primary IP address - fixed - authentication method for user imported manually from NT domain is now correctly set - fixed non working automatic login from firewall host *************************************** Version 6.0.1 - June 23, 2004 *************************************** - fixed 100% CPU usage on Windows servers with DNS system service enabled - fixed DNS forwarder on Windows Server 2003 (error 4507:10013) - fixed handling of STLS command in POP3 protocol inspector - proxy server now works if DNS forwarder is disabled - proxy server now does not always require NTLM authentication - authenticating via proxy server no longer sometimes ends with a blank page - VPN server no longer stops working when the system is under heavy load - deleting interface no longer changes traffic rules which refer it to 'any' - fixed crash of administration console in interface statistics - fixed ability to edit network interfaces when VPN is not installed - fixed disappearing of settings in the AD/NT authentication screen - fixed wrong sorting of antivirus rules for HTTP/FTP - log rotation is no longer grayed out when set to keep 0 files - the number of consumed licenses is now displayed also for trial license *************************************** Version 6.0.0 - June 7, 2004 *************************************** + Integrated client/server and server-to-server VPN solution + Alerts and notifications + Antivirus protection for emails (POP3 and SMTP) + Improved real-time user monitoring and traffic statistics + P2P Eliminator - universal P2P blocking + Support for VisNetic Antivirus Plug-in *************************************** Version 5.1.10 - March 1, 2004 *************************************** - fixed crash in HTTP header parser - fixed handling of time intervals that pass midnight - fixed dialing of lines defined in custom phonebook - fixed disappearing of dial-up lines that contain international characters *************************************** Version 5.1.9 - January 12, 2004 *************************************** * Larger default NAT port pool - Fixed bug with incorrectly installed driver - Fixed bug when proxy user has no password defined - Fixed incorrect handling of fragmented traffic + Added detection of Windows XP Service Pack 2 during installation (automatically disabling of ICF) *************************************** Version 5.1.8 - December 18, 2003 *************************************** + Support for IEEE1394 (Firewire) networks * License BASE-ID is no longer displayed on webadmin pages * Traffic wizard recognizes broadband satellite internet connection - Fixed bug with connections sometimes not being displayed - Fixed handling of user and group names with spaces - Fixed accounting of traffic generated by firewall host - Fixed handling of IP traffic logging expression - Fixed handling of BOOTP requests - Fixed backward searching in logs - Fixed handling of IRC DCC send message - Fixed bug in UPnP *************************************** Version 5.1.7 - November 21, 2003 *************************************** This is a service release mainly for the Windows NT 4.0 platform. MS recommended high security settings were removed from the installation. More info: http://msdn.microsoft.com/... http://xforce.iss.net/xforce/xfdb/5573 *************************************** Version 5.1.6 - November 18, 2003 *************************************** * New driver * Improved speed of web browsing if Cobion is enabled - Improved handling of the HTTP keep-alive connections in proxy server - Fixed user import from Active directory (LDAP) on localhost - Fixed RAS line dialing in Web Administration interface requiring user authentication - Fixed occassional proxy server freeze related to the RAS line hangup *************************************** Version 5.1.5 - October 30, 2003 *************************************** - Fixed bug causing very large system resources usage after some time - Fixed bug in the HTTP cache causing occasional crash *************************************** Version 5.1.4 - October 21, 2003 *************************************** - Fixed bug causing very large memory usage after some time - Fixed non-working HTTPS through parent proxy - Fixed bug in initialization of eTrust CA antivirus *************************************** Version 5.1.3 - October 16, 2003 *************************************** + Safer configuration saving to prevent data losses + FTP antivirus checking can now be enabled or disabled per rule * Mapped HTTP connections are now excluded from HTTP policy by default (See Advanced options in HTTP policy screen.) - Fixed Cobion in HTTP proxy server - Fixed browser language detection in HTTP proxy server - Fixed engine sometimes failed to stop properly - Fixed crash when traffic policy configuration is corrupted - Fixed date and time sometimes weren't logged in connection log *************************************** Version 5.1.2 - September 24, 2003 *************************************** - Fixed crash when installing license. - Fixed DNS cache in forwarder - Fixed DNS resolving in proxy server - Fixed parent proxy chaining in proxy server - Fixed content filtering problems with redirects - Fixed handling of gzipped and chunked pages *************************************** Version 5.1.0 - August 25, 2003 *************************************** + Improved online user monitoring (Hosts/Users screen) + Support for internet connection failover (Interfaces screen) + SIP protocol inspector - transparent handling of SIP through NAT + Advanced logging options - log rotation and syslog support + Customizable DNS forwarding + Customizable redirect page for denying HTTP rules + Added detection of clients using P2P networks + Automatic checking for new versions + Ability to use DNS names instead of IP's in traffic policy + Support for NTLM for Mozilla-based browsers (Mozilla 1.4 or higher) *************************************** Version 5.0.9 - August 4, 2003 *************************************** - Fixed boot error on Windows 98/Me - Fixed "Driver error: WRDRV: TcpInfoInit: Unable to open 'TCP' device" - Fixed "Driver error: WRDRV: RtIsLocalAddress: RtTable == NULL" *************************************** Version 5.0.8 - July 25, 2003 *************************************** * ICSA required changes - Fixed HTTP Proxy server starting - Fixed FTP filtering based on filename *************************************** Version 5.0.7 - July 8, 2003 *************************************** - Fixed bug causing message "Invalid buffer size (10 != 12)" - Fixed non-working connections over dialup or VPN *************************************** Version 5.0.5 - July 2, 2003 *************************************** - Fixed antivirus rules for FTP traffic - Fixed content filtering for users with no right to override settings - Fixed editing of denial reason in URL rules - Fixed counting of remaining users in license - Fixed user login for long usernames - Fixed HTTP proxy server refusing to restart - Fixed concurrent active transfers from mapped FTP server - Fixed problem with DHCP renewal for interfaces that already have IP - Fixed broken handling of broadcast packets ! The "Do not screen firewall traffic on this interface" feature was removed and it is no more functional. Please disable this option, otherwise there might appear a lot of messages in the Error log. *************************************** Version 5.0.4 - May 15, 2003 *************************************** + Ability to turn antivirus off for individual HTTP rules + Cobion white list to override Cobion categorization * Improved dialing on demand based on static routes - Cobion Orange filter no longer goes offline on some URL's - McAfee plugin automatically uses parent proxy server - Fixed buggy displaying of tray control application (Windows 98/Me/NT4) - HTTP/0.9 responses are now handled correctly ! Non-working NTLM authentication on Windows Server 2003 ! Deny reason cannot be added or updated in Administration Console for new/existing URL rules. If you need, you can do this in configuration file. *************************************** Version 5.0.3 - May 7, 2003 *************************************** - Interface exclude from firewall sometimes didn't work properly - More Dial-In clients can now be connected simultaneously - Fixed line dialing for connections forbidden by traffic policy - Fixed non-working antivirus after several hours of run - Fixed possible crash in HTTP protocol handler - Fixed forwarding of HTTP POST requests to parent proxy - Fixed occasional dropping of destination NAT connections - Fixed Cobion "no license" warning message - Fixed security bug in remote administration * .pac script now excludes ftp protocol from proxy server * HTTP cache can now be up to 4GB * Web titles logged in UTF-8 charset + Support for Windows Server 2003 + FTP antivirus filtering based on filename + Customized external commands on dialing events + Enhanced content rules settings + Ethernet adapter vendor names in DHCP leases + Default DHCP options + Support for Symantec Antivirus *************************************** Version 5.0.2 - April 3, 2003 *************************************** + Exclude interface from firewall + DHCP supports Microsoft RRAS server + Keyword filtering configurable in HTTP Rules + Rule unlocking can now be allowed/denied on per user basis + FTP 'REST' hidden rule is now visible (and removable) + FTP rules have ability to completely permit/deny access to a server + IPSec pass-through + Status/Connections screen now shows traffic rule names + Filter log now shows traffic rule names + DNS resolving in Admin console whereever IP address is required + Number of remaining licenses displayed on information screen + Support for outside proxy servers in HTTP filtering + Support for F-Secure antivirus * Reorganized antivirus configuration in McAfee version * Reorganized Cobion settings * Users from Active Directory can be imported from any container (only "Users" previously) - Fix for DoS vulnerability (Bugtraq ID 7245) - Strange anti spoofing logging with DHCP server turned on - NT domain authentication in proxy server - Bad traffic rules behavior when editing address groups - Bad international characters in Active Directory import - Very long HTTP rules caused a hang in web admin *************************************** Version 5.0.1 - March 7, 2003 *************************************** - fixed bug in FTP protocol parser *************************************** Version 5.0.0 - February 21, 2003 *************************************** * First version |
|
|
