Announcing release of Astaro Security Gateway Version 8
What's New? Highlights of Major New Things * Updated WebAdmin - New colors, fonts, and visuals make WebAdmin more easily readable with crisper overall presentation
* IPv6 - Support has been added for the next iteration of IP addressing throughout ASG
* New Kernel and Base System - Provides 64-bit support, massively increased hardware compatibility, and better performance
* Country Blocking - Deny communications to/from any combination of countries and/or regions
* Web Application Security - A new subscription has been added to our protection portfolio which protects your web servers from modern attacks, hackers, viruses and data theft
* Flash-Based Reporting - Reporting data can be displayed via animated charts which add strong visual representations to how the data is presented
* WebAdmin Rights & Roles - Let multiple administrators or auditors share duties by separating access permissions; for example giving someone the ability to work only with the Mail Quarantine
* Configuration Change Tracking - Aid compliance and accountability efforts by identifying what was changed by an administrator on a forensic level
* Printable Configuration - Save the contents of the entire system as an XML file to aid compliance efforts and record keeping
* New Online Help - Improved layout coupled with new feature set updates this reference to be faster and more useful in retrieving information on demand
* VPN Remote Access Reporting - Displays usage graphs for the various types of user connections, along with historical data for examining session information
* WebAdmin Menu Search - Instantly filter the menu to show sections of WebAdmin based on a search query box; great for locating an option or feature quickly
* Web Content Filter Override - Allow configured users and groups to bypass URL filtering block pages by providing credentials and entering a reason, all of which can be tracked using new override reports
The first Up2Date package for the new Astaro Security Gateway Version 8 is ready for distribution. Version 8 has enjoyed significant popularity in the past month, with thousands of new and existing customers experiencing V8's features and stability.
You will find 8.001 available for install via Up2Date on your installation. Mainly a bug fix release, this package will enhance the stability and operation of ASG V8, and addresses an issue with Unix time affecting certificates. Read on for the full details of this Up2Date.
This release fixes some bugs with how Web Application Security handles connections for protection of Outlook Web Access servers, optimizing that communication.
We have also adjusted the very popular Country Blocking to ensure traffic can flow to essential Astaro Internet resources (Eg. RED provisioning servers, global email scanning repositories etc.) so that your blocking choices won't interfere with ASG operations. In addition, some other bugs were addressed and some hardware glitches for our software users and their platforms of choice were solved.
Astaro RED (Remote Ethernet Device) is the easiest and most affordable way to secure your branch offices. You can centrally configure it via an Astaro Security Gateway located at your headquarter which automatically distributes the configuration to the Astaro RED appliance. By forwarding all traffic to the central Astaro Security Gateway, Astaro RED provides complete UTM security even for your smallest remote or home office. In contrast to standard security appliances Astaro RED not only provides stronger security but also slashes the total cost of ownership by 80% as there's no need for technical skill or ongoing maintenance at the remote site.
On addressing the Unix Time issue: ASG uses certificates for different purposes (such as for each user that is created) and CAs (certificate authorities) for signing the certificates mentioned before. When performing the initial setup, some CAs as well as the admin certificate are generated.
When passing a certain point in time the theoretical end-date for our certs and CAs is beyond 19 January 2038 which will cause trouble to the system as the end-date of a cert/CA must not be before the start-date.
Remarks: *System will be rebooted.
*Configuration will be updated.
*HTTP Proxy cache will deleted.
News: -This Up2Date should be applied before end of August 2010
- Added: HTML rewriting in Web Application Firewall.
- Fixed: Country based blocking can no longer block essential ASG functionality.
- Added exceptions for spam scanning servers, ACC, notification smarthost, NTP servers, and SNMP trap sinks.
Fixes: : UNIX Epoch ends in 9999 days, so certificates cannot last longer
 ASG does not use ESMTP for "Skip TLS negotiation hosts"
 WAF disabled in predefined reverse proxy profiles
 No successful boot with Perc H200
 Country Blocking blocks essential services
 GRUB fails to install properly on some HP servers
: Bridge interface gets unresponsive after change of IP addresses
: ASG 625a with versions 8 and 8.001 recognizing NIC order wrong
: Setting system time forward causes WebAdmin to get unresponsive for a while
Sophos UTM Up2Date 9.201023 package
Thu, Apr 10th 2014 4:46p John Willemse We just did the upgrade.
System Version: Sophos UTM 9.200-11
Official 9.2 GA Release - update from 9.200. Fix: OpenSSL vulnerability: TLS heartbeat read overrun (CVE-2014-0160)
Fix : vpn site2site overwiev is missing ipsec respondOnly connections
Fix : Object Changelog PopUp can not be closed in IE9
Fix : [BETA] RED50 reconnects all the time
Fix [29419&rsq [read] Keywords: agent
CentOS alert RHSA-2014-0328. Kernel Update.
Thu, Apr 3rd 2014 12:25p John Willemse We just upgraded OTAP to Centos 6.5 Kernel 2.6.32-431.11.2.el6.x86_64 x86_64
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The kern [read] Keywords: notes
Technisch consultant. Per direct beschikbaar in de regio Zuid-Holland.
Sat, Mar 8th 2014 6:05p John Willemse Mijn ambities:
Prospects technisch adviseren
Producten kunnen implementeren bij klanten
Telefonisch en on-site technisch support leveren
Functie ongeveer 40% binnen en 60% buiten
Naast mijn werkwijze die inventief en creatief is in het vinden van oplossingen neem ik ook een dosis kennis mee die ingezet kan worden om de kantoorautomatisering zoals (hard- en software) migratie- en upgrades te waarborgen in project vorm.
Competenties en vaardigheden:
Service en ondersteuning
Coör [read] Keywords: blogSphere
FRITZ!OS: New Firmware 6.04
Fri, Feb 21st 2014 5:42p John Willemse We just did an upgrade to FRITZ!OS 6.04.
Important: This firmware is only intended for use with FRITZ!Box Fon WLAN 7360 International Edition
-Security: removes possibility for unauthorized access to FRITZ!Box. Please check for important information here: http://www.avm.de/en/Sicherheit
- added Dialplan for New Zealand
New with FRITZ!OS 6:
- Wireless LAN Guest Access new a [read] Keywords: blogSphere
Sophos UTM Up2Date 9.109001 package
Fri, Feb 21st 2014 5:03p John Willemse We just did the upgrade.
Up2Date 9.109001 package description:
RPM packages contained:
Manual Downloads and MD5s can be found at Index of /UTM/v9/up2date/ http://ftp.astaro.de/UTM/v9/up2date/
Free Sophos UTM Home Edition
Our Free Home Use Firewall [read] Keywords: application