Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
 ·TekSavvy Solutions..
1 edit | ZyWall 2+ firmware 4.01(XU.1) now available
Download here.
Features:
Modifications in V 4.01(XU.1) | 12/06/2006
1. Formal Release.
Modifications in V 4.01(XU.1)b1 | 11/28/2006
1. [ENHANCEMENT] SPR ID: 060830643
Add an option to enable or disable the "Dynamic ACL" log in ZyWALL.
The check box is in:
(1) "eWC->LOGS->Log Settings->Dynamic ACL".
(2) SMT 24.8.
I. "sys logs load".
II. "sys logs switch dynacllog".
III. "sys logs save".
IV. "sys logs switch display".
Note: "2006-08-09 00:42:30 Firewall matches a dynamic ACL rule of an ALG
session: TCP 192.168.111.2:50999 66.59.243.66:26397 ACCESS PERMITTED"
Engineer Note: The value in default ROM file is "on".
2. [ENHANCEMENT]
Wording changed. Out of memory when upload F/W.
(1) FTP
Was: file size too large.
Is: file size too large. Please reboot device, and try again.
(2) HTTP/HTTPS
Was: disk full!
Is: disk full! Please reboot device, and try again.
3. [ENHANCEMENT] SPR ID: 060522258
If users let "Redirect URL" in Content Filter be blank, the blocking page will be
displayed on the forbidden object only.
4. [ENHANCEMENT] SPR ID: 060925662
In eWC>MAINTENANCE>Time and Date, add "Madrid" capital in "GMT+1"
time zone.
5. [BUG FIX] SPR ID: 060711547
Symptom: "Don’t block Java/ActiveX/Cookies/Web proxy to trust Web site"
function in content filter cannot work.
Condition:
(1) In eWC->SECURITY->CONTENT FILTER->General page, enable "Content
filter" and block "Java Applet/ActiveX/Cookies/Web Proxy".
(2) In eWC->SECURITY->CONTENT FILTER->Customization page, enable
"Web site customization" and
"Don't block Java/ActiveX/Cookies/Web proxy to trusted Web sites".
Add "web.haccpsoft.it" to "Trusted Web Sites".
(3) A PC in ZYWALL's LAN side browses "http://web.haccpsoft.it:8080" website.
(4) Login in and click the date, the popup window should show a calendar instead
of another login page.
(5) It is blocked by content filter.
6. [BUG FIX] SPR ID: 060607461
Symptom: After run 5 hours BT, no traffic can be forwarded by ZyWALL.
Condition:
(1) Restore to default romfile.
(2) In NAT port forwarding page, add a rule with port range from 20000 to 40000.
(3) After running about 5 hours BT, no traffic can pass through ZyWALL.
7. [ENHANCEMENT]
Add ip nat routing for WLAN interface
(1) SMT 24.8
(2) ip nat routing
You can see add WLAN interface support
8. [BUG FIX] SPR ID: 060703050
Symptom: Local PC cannot find Remote Host by NetBIOS via VPN tunnel.
Condition:
PC1----(WLAN)DUT-----(VPN)-----ZYWALL(LAN)----PC2
(1) The configured romfile please refer to SPR.
(2) PC1 cannot see PC2 by NetBIOS via VPN tunnel.
Note: This problem only happens when policy index is not equal to IKE index.
Engineer Note: This problem happens in 4.00 and 4.01.
9. [BUG FIX]
Symptom: Content filter cannot set "Block" and "Log" fields correctly.
Condition:
(1) Restore default romfile.
(2) Goto eWC>CONTENT FILTER>General page, set "Schedule to Block" from
1:00 to 2:00.
(3) Goto eWC>CONTENT FILTER>Categories page, disable Block and Log of
"Matched Web Pages", disable Log of "Unrated Web Pages", and disable Log of
"When Content Filter Server Is Unavailable".
(4) Refresh the page again. The Block check box of "Matched Web Pages" is
turned to enable.
10. [BUG FIX]
Symptom: eWC>WAN>Dial Backup, AT Command Initial String field can only
accept max 31 characters, but should accept 63 characters
Condition: eWC>WAN>Dial Backup, AT Command Initial String field can only
accept max 31 characters, but should accept 63 characters
11. [BUG FIX] SPR ID: 060711576, 060711577, 060711578
Symptom: Content filter is fail when user installs Outpost Firewall.
Condition:
(1) Install OutpostPro Firewall software.
(2) Set "disable all web traffic except for trusted web sites" and enable content
filter.
(3) Enable Outpost Firewall, user can surf the website as usual.
(4) If we disable Outpost Firewall, web surfing will be blocked besides trusted
web sites.
12. [BUG FIX] SPR ID: 060927777
Symptom: The "Up Time" shown on the Port Statistics and Home page is quite
different when the ZyWALL uptime is more than 100 hours.
Condition:
(1) Let ZyWALL WAN1 uptime be more than 300 hours.
(2) Go to eWC>HOME page, the "Up Time" is "4:00:00".
(3) Click "Port Statistics" button, the WAN1 "Up time" of pop-up window is
"300.00.00".
13. [BUG FIX] SPR ID: 061024840, 061024841, 061024842
Symptom: SMTP authentication fails on elias.hp-interex.ch (MX V5.4 AnGc).
Condition:
(1) Go to eWC>LOGS>Log Settings.
(2) Set Mail Server of E-mail Log Settings to elias.hp-interex.ch, enable
SMTP Authentication and set related SMTP settings.
(3) The device sends mail will fail on SMTP authentication.
14. [BUG FIX] SPR ID: 060822272, 060822274, 060822273
Symptom: ZyWALL will not mail its LOG if the IP specified on the One-To-One
Public IP.
Condition:
Topology:
Mail Server-----------(DMZ)ZyWALL(WAN)
192.168.2.33 192.168.2.1 10.0.0.1
10.0.0.2
(1) Restore to default romfile.
(2) Set NAT type to full feature.
(3) Build a one-to-one rule for mail server in DMZ.
Local IP Global IP
192.168.2.33 10.0.0.2
(4) In the LOG setting, set mail server IP to 10.0.0.2.
(5) Then, disable the firewall and press the "Email Log Now" button to send mail.
(6) You will see the log "SMTP fail (Cannot connect to SMTP server 10.0.0.2)".
15. [BUG FIX] SPR ID: 060420608
Symptom: Two SIP clients cannot talk to each other when both of them are in
LAN.
Condition:
Topology:
SIP Client_A ------- (LAN) ZyWALL (WAN) ---------- SIP Server
SIP Clinet_B -------|
(1) Two SIP clients register on SIP server which is in the WAN.
(2) Create a call between client A and client B, they cannot hear each other.
16. [ENHANCEMENT] SPR: 061102140
Add PPTP CHAP v2 support.
17. [ENHANCEMENT]
Add quick timeout mechanism for UDP sessions. This mechanism can for you to
search more games in internet by some game platform. If no this mechanism the
number of the game you can search is about NAT session number limited.
18. [BUG FIX]
Symptom: ZyWALL cannot trigger dial backup.
Condition:
Topology:
PC--(LAN)ZyWALL(dial backup)--Internet
(1) Restore default romfile.
(2) Set up dial backup.
(3) PC sets ZyWALL to be DNS proxy server.
(4) PC starts to ping a domain name, but ZyWALL do not trigger dial backup.
19. [ENHANCEMENT]
Vulnerability bug: It depends on an error in verifying the PKCS-1 padding
of the signed hash and we update the patch file from safeNet.
20. [ENHANCEMENT]
Save time synchronized with time servers to romfile. Add this action when device
do time sync automatically. So device can keep system time with the time
synchronized with time server successfully last time.
|
|
jsimmons
Premium,MVM
join:2000-04-24
Falls Church, VA | Thanks... Will download/install it tonight.  |
|
Sentinel
Premium
join:2001-02-07
Florida
1 edit |  reply to Brano
Thanks. I'm on my way...
Edit:
I don't see it on the USA site yet. |
|
Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON | Forget the USA site for once and ever  |
|
jsimmons
Premium,MVM
join:2000-04-24
Falls Church, VA | reply to jsimmons
Upgraded smoothly. No need to reset / reconfigure. Seems to be running fine. |
|
Sentinel
Premium
join:2001-02-07
Florida | reply to Brano
I would but it doesn't let me. When I go to zyxel.com it redirects me to us.zyxel.com. I can't go to the global site any more. |
|
maxusa
Premium
join:2004-05-05
USA | To get to the Global website »www.zyxel.com/web |
|
Sentinel
Premium
join:2001-02-07
Florida
1 edit | Got it. Thanks!
Update:
Installed and working fine. |
|
Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
·TekSavvy Solutions..
| reply to Sentinel
said by Sentinel  :I would but it doesn't let me. When I go to zyxel.com it redirects me to us.zyxel.com. I can't go to the global site any more. Best way is to get it from FTP folder directly: »ftp://ftp.zyxel.com/ZyWALL_2_Plus/firmware/ |
|
Sentinel
Premium
join:2001-02-07
Florida
| I know it probably is but I am the nervous type.
I like to see it posted on their website before I try it. I'm like that with all software upgrades. I have been burned before by downloading from the FTP too fast and then they pull it for some reason and I can't complain because they say that they never officially released it 
That's why I wait until I see it on the web site. If it is listed there then I feel like they have officially released it. |
|
