WatchGuard WSM v10.2.10 and Fireware v10.2.10 Release Notes
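Published: 2009-8-03 18:37 | Author: Allan | Source: Technical section, 《深圳赛佛莱特科技有限公司》
Note: Original content of this site. When reposting, please keep this line (深圳赛佛莱特科技有限公司).
This release fixes a number of problems. Here is a brief overview of the key updates:
1. The NAT loopback problem is fixed. This is an old problem that should have been solved long ago. In detail: suppose the firewall has a port forward or 1-to-1 NAT configured, for example 202.96.1.1 mapped one-to-one to 192.168.0.1, and the domain abc.com points to 202.96.1.1. When an internal user accesses abc.com by its domain name, the connection request goes through the WatchGuard firewall, the name is resolved on the Internet, and the connection then turns out to loop back: the firewall maps it back to 192.168.0.1. The firewall must therefore handle such connections correctly, and this is the essence of NAT loopback.
2. Branch office VPN traffic now supports global or per-policy NAT.
3. For Branch office VPN, you can now specify particular IP addresses in dynamic NAT. In other words, VPN traffic can be translated to a specific public IP address on its way out.
4. Static NAT and 1-to-1 NAT now support tunneled networks (with a null or 0.0.0.0 route).
5. Server load balancing: a large number of bugs have been fixed, and performance and stability are improved.
6. VPN improvements: some fixes for VPN and Mobile VPN in transparent mode.
For details, see the following: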
General
The Firebox now passes traffic that includes unkeyed GRE packets. [39088]
NAT
Fireware now includes support for NAT loopback. NAT loopback allows a user on the trusted or optional networks to get access to a public server that is on the same physical Firebox interface and same subnet by its public IP address or domain name. [15513]
You can now enable global and per-policy NAT for branch office VPN traffic. [38019]
You can now specify IP addresses in the dynamic NAT configuration for branch office VPN tunnels. [38022]
Static NAT and 1-to-1 NAT now operate with tunneled networks (tunnel switching with a zero or 0.0.0.0 route). [26764]
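The NAT loopback scenario from the summary above (202.96.1.1 mapped 1-to-1 to 192.168.0.1, client and server on the same subnet), as an added Python model that is not part of the release notes and not Fireware code. It shows why translating only the destination fails on a shared subnet, and how also rewriting the source (one common way to implement loopback, assumed here) keeps the reply on the firewall path. The /24 subnet, the firewall address 192.168.0.254 and the client 192.168.0.50 are assumptions.

```python
from ipaddress import ip_address, ip_network

PUBLIC_IP = ip_address("202.96.1.1")     # from the page: address abc.com resolves to
SERVER_IP = ip_address("192.168.0.1")    # from the page: 1-to-1 NAT target
LAN = ip_network("192.168.0.0/24")       # assumption: trusted subnet
FIREWALL_LAN_IP = ip_address("192.168.0.254")  # assumption: firewall's LAN address
CLIENT_IP = ip_address("192.168.0.50")   # assumption: internal user


def firewall_forward(src, dst, loopback_snat):
    """Translate a LAN packet; return (src, dst, state entry or None)."""
    if dst != PUBLIC_IP:
        return src, dst, None
    # Destination NAT always applies; source NAT only in loopback mode.
    new_src = FIREWALL_LAN_IP if (loopback_snat and src in LAN) else src
    return new_src, SERVER_IP, {"client": src, "orig_dst": dst}


def server_reply(req_src, req_dst):
    """Build the reply; an on-link peer is answered directly, bypassing the firewall."""
    via_firewall = req_src == FIREWALL_LAN_IP or req_src not in LAN
    return req_dst, req_src, via_firewall


def client_accepts(loopback_snat):
    """True if the reply matches the connection the client opened."""
    src, dst, state = firewall_forward(CLIENT_IP, PUBLIC_IP, loopback_snat)
    r_src, r_dst, via_fw = server_reply(src, dst)
    if via_fw and state:
        # The firewall reverses both translations from its state entry.
        r_src, r_dst = state["orig_dst"], state["client"]
    # The client opened CLIENT_IP -> PUBLIC_IP and expects the mirror image.
    return (r_src, r_dst) == (PUBLIC_IP, CLIENT_IP)


def server_logged_source(loopback_snat):
    """Source address the server sees, and therefore writes to its access log."""
    src, _, _ = firewall_forward(CLIENT_IP, PUBLIC_IP, loopback_snat)
    return src


if __name__ == "__main__":
    print("DNAT only, reply accepted:", client_accepts(False))
    print("DNAT + SNAT, reply accepted:", client_accepts(True))
    print("Server logs source:", server_logged_source(True))
```

With source rewriting in place, the server's logs show the firewall address for every internal client, so per-user attribution for loopback traffic has to come from the firewall's own logs.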
Server Load Balancing
Server Load Balancing now operates correctly with global and per-policy dynamic NAT. [38018]
The Server Load Balancing custom sticky timer now operates correctly. [39061]
The Server Load Balancing least connection option now operates correctly. [38456]
Server Load Balancing has been enhanced to improve the availability of service when servers start or stop.
Management
You can now use the Wlimport.exe tool to import log files that contain ISO-2022-JP characters to your log database. [37771]
VPN, PPTP, and GRE
Branch office VPN and Mobile VPN with IPSec now operate correctly when your Firebox is configured with a drop-in configuration. [38459, 38872]
A problem has been fixed that prevented PPTP from working when the PPTP connection passed through a device that applied NAT. [17143]
Mobile VPN with SSL traffic no longer stops when there are many SSLVPN sessions. [38928]
Proxy
The SMTP proxy no longer hangs when it cannot contact the Quarantine Server. [27750, 34396]
FTP downloads no longer stop before the download is complete when you use the FTP proxy with Gateway AV. [36074]
Vulnerability and Stability Enhancements
When you use an LDAP server for certificate validation and the server is reachable for LDAP queries, WSM no longer loses Firebox connections. [33634]
After a Firebox runs for 497 days without a reboot, network connections and the console port now continue to operate correctly. [35870]
The lighttpd component used in Fireware has been upgraded to v1.4.22 to resolve several vulnerabilities in the previous lighttpd open source component. [38807]
Several problems resulting in kernel crashes (EIP=fcd1c4a8 and EIP=e0057a43) are fixed. [38141, 36188]
A problem that caused a kernel dump [c01356b3] when using the upper four ports on a Firebox has been fixed. [38862]
A problem that caused the CMM component to crash and then automatically restart has been fixed. [37563]
Attachment: EN_ReleaseNotes_WSM_10_2_10.pdf (2009-08-03 18:38:04, Size: 273 KB)