New ZyWALL 10w Firmware (3.62 WH.0) released (old news - 03:25AM Friday Dec 26 2003)
Christmas present from Zyxel. :) Download ZyWALL 10W Firmware 3.62(WH.0)
Numerous bug fixes and the following enhancements and feature changes since 3.61. Please check the release notes for a complete list!

Enhancements:

[ENHANCEMENT] Add HTTPS proxy server support.
[ENHANCEMENT] eWC CONTENT FILTER Categories: add two new category settings, "Unrated Web Sites" and "When Content Filter Server Is Unavailable". Users can choose to block/unblock and log/un-log these kinds of web access.
[ENHANCEMENT] Add more information in CI command "ipsec disp #rule". If the secure gateway of an IPSec rule is configured as a domain name, this command will show both the domain and the actual IP resolved by the system.
[ENHANCEMENT] Add "SSH" login message in Centralized Log.
[ENHANCEMENT] Support rule swapping by phase 1 ID (Local ID type/content and Peer ID type/content) in IPSec.
[ENHANCEMENT] When restoring the default ROM file in SMT, the system will ask users to reconfirm.
[ENHANCEMENT] Add new eWC firewall rules storage space utilization status bar in summary page.
    Previous: We used firewall rule numbers to count the usage space, but the rule size depends on content (like IP pairs and total service numbers). The rule size is different from rule to rule.
    Now: We ignore the count of firewall rules and only track the remaining size we can use.
[ENHANCEMENT] In the past, when My IP Address was configured as 0.0.0.0 in an IPSec rule, the system used the WAN's IP address as my IP address during IKE. Now it will use the IP of dial backup as my IP address when the WAN is disconnected. In the case of traffic redirect, it will use the LAN IP as my IP address.
[ENHANCEMENT] Add new feature: X-Auth as the authentication method in VPN IKE phase.
[ENHANCEMENT] Add new feature: PKI supported in VPN.
[ENHANCEMENT] Add new feature: WLAN 802.1X TLS/TTLS.
[ENHANCEMENT] Add new feature: SSH.
[ENHANCEMENT] Add new feature: Support new encryption algorithm AES in IPSec.
[ENHANCEMENT] Add new feature: Bandwidth Management Lite.
[ENHANCEMENT] Add new feature: In content filter, use Cerberian to replace Cybernot.
[ENHANCEMENT] Add new feature: DNS Server for IPSec VPN. Please refer to Appendix 7 for detail.
[ENHANCEMENT] Add CI command "ip dropIcmp [0|1]" (default value is 0) to the device to drop ICMP fragment packets.
[ENHANCEMENT] Add two new categories "TCP Reset" and "Packet Filter" in Centralized Log.
[ENHANCEMENT] Separate DNS servers into system DNS servers and DNS servers assigned to LAN hosts. The system DNS servers are used by the router and the DNS servers assigned to LAN hosts are for LAN hosts. There will be no embedded default DNS server in this design.
[ENHANCEMENT] Add CI command "sys upnp reserve [0|1]" (default value is 0) to reserve UPnP NAT rules in flash after system boot up.
[ENHANCEMENT] Add UPnP "Ports" page to show the UPnP NAT ports.
[ENHANCEMENT] IPSec related logs are enhanced.
    (1) Add success log and error messages in IKE in Centralized Log.
    (2) Add new IPSec debug log method.
[ENHANCEMENT] Add dynamic local and dynamic remote in IKE/IPSec. There are two CI commands, "ipsec config dynamicLocal" and "ipsec config dynamicRemote", to configure these two features.
    (3) When dynamic local turns on, My IP Addr = 0.0.0.0, Local Addr Type = single, Local Addr Start = 0.0.0.0, ZyWALL will use WAN IP as local address.
    (4) When dynamic remote turns on, secure GW = domain name, Remote Addr Type = single, Remote Addr Start = 0.0.0.0, ZyWALL will use the IP resolved from the peer domain name as remote address.
[ENHANCEMENT] Add new category "PKI" in Centralized Log.
[ENHANCEMENT] Add Local ID Type, Local ID Content, Remote ID Type, and Remote ID Content check when using RSA signature in IKE.
    (5) When using RSA signature, we cannot set Local ID Type and Local ID Content from the UI. The Local ID Type and Local ID Content depend on the certificate we select.
    (6) When using RSA signature, we can set and check Remote ID Type and Remote ID Content. There are two types added: one is "Subject Name" and the other is "Don't Care". "Subject Name" means we will check the peer ID content using the peer's certificate subject name. "Don't Care" means that we won't check the peer's ID content when we receive it.

Feature Changes:

[FEATURE CHANGE] Add a new item "CERTIFICATES" in panel, and remove certificate related subjects in VPN rule editing page.
[FEATURE CHANGE] Enlarge number of rules in eWC SUA/NAT SUA Server.
[FEATURE CHANGE] Do not check protocol and port information during IKE phase 1 negotiation.
[FEATURE CHANGE] Remove connectivity monitor starting log.
[FEATURE CHANGE] Modify the content filter register mechanism.
[FEATURE CHANGE] When Local / Peer ID type is DNS or E-Mail, ID content should not be empty.
    Previous: When Local / Peer ID type is DNS or E-Mail, ID content can be empty.
    Now: When Local or Peer ID type is DNS or E-Mail, and the related ID Content is empty, the rule won't be saved and an error message will be shown at the bottom of menu 27.1.1 or eWC->VPN->VPN Rule Edit.
[FEATURE CHANGE] Modify the message format of remote management Centralized Log as: Remote Management: [TELNET|FTP|WWW|DNS|SNMP|ICMP Ping response] denied
[FEATURE CHANGE] In the previous design in IKE, the responder sends initial contact only when it receives an initial contact notify from the initiator. Now the responder sends an initial contact notify to the initiator on first contact with the peer.
[FEATURE CHANGE] Change the length of phase 1 ID payload during IKE negotiation.
    Previous: the local machine builds phase 1 ID with fixed length (the length equals the peer's ID length).
    Now: the local machine builds phase 1 ID with the ID's real length.
[FEATURE CHANGE] In web page "Firewall->BM Global Setting", the check boxes for all interfaces are integrated into one.
[FEATURE CHANGE] When users insert a firewall rule, the default setting of bandwidth management is none.
[FEATURE CHANGE] eWC->VPN->VPN-IKE: In the previous design, the system copied "My IP Address" to "Local ID Content" and "Secure Gateway Addr" to "Peer ID Content" when the ID type is IP. Now the system won't do it, but users can still change Local and Peer ID Content. In other words, the FQDN behavior in GUI and SMT is now the same.
[FEATURE CHANGE] We change maximum Firewall custom port number from 10 to .