Astaro Security Gateway Version 8.200 Released

Announced at CeBit earlier this year, Astaro Security Gateway V8.200 is now available. ASG 8.2 adds Application Control (aka. Layer-7 or "Next-Generation" Firewall) and Network Visiblity so that you see everything happening in your network and can make educated, reactive decisions about how your connection is used.

There is also an Interactive Web Reporting Engine that lets you craft and mold reports; you can navigate through data until you have the answer you need, no more tirelessly looking through pre-arranged reports hoping you stumble across the right one! 3G/UMTS USB support, Search Engine "Safe Search" enforcement, weights for Internet Connection balancing, and a User agent for user-based security configuration have all been introduced as well, to name just a few. WebAdmin sees usability improvements, and there is a technical preview of our upcoming Log Management product. Taking advantage of new technology and methods, we have vastly improved throughput performance of ASG, increasing it by up to four times in some areas, with a focus on Intrusion Protection and Firewall throughput. Read on for more…

For over 8 months our ASG Public Beta program has seen hundreds of particpants making over 5000 posts while you helped us shape and build this version to solve the problems you face in the real-world. Dozens of new features and functions have been added or improved upon, and our open approach to feedback and improvement suggestions via our Feature Portal has evolved Astaro Security Gateway further than ever; it truly is a product of YOUR environment.

A summary of some new features and functionality follows below, along with download information. For more details about Astaro Security Gateway 8.2 you can view the full release notes here. We hope you enjoy this release as much as we enjoyed making it for you.

 ASG 8.200 Feature Summary:

Application Control

ASG provides Application Control and Network Visibilty.  Application Control uses hundreds of precise patterns to identify which applications are being used on the network, regardless of the port or protocol they use to communicate. Network Visibility gives you a real-time display of exactly how your Internet connection is being used, and lets you create configuration directly from the display. We are pleased to included Application Control as part of our Web Security and Full Guard subscriptions. Read more >

Interactive Web Reporting

The Web Reporting Engine has been entirely re-designed from the ground-up to give a new, optimized experience which is tailored for how you expect to see data while delivering the information you are looking for easily. Click, build, save, and subscribe users and groups to automated report delivery in moments. You can even see exactly what your users are searching for with Google, Yahoo, and Bing. A staggering array of features awaits you. Read more >

*Note* – Installing ASG 8.200 will clear existing Web Security Reports! This is necessary as the database systems are vastly different. Soon, we will offer the ability to “re-inject” a past Web Security log file from 8.103 into the system so that you can control when this system-intensive task will occur.  (Log files are completely untouched and remain intact on the system as configured)
If you rely on existing Web Security reports, do NOT install ASG 8.200 until the re-inject feature has been released in a future Up2Date.

3G/UMTS USB Modem Support

ASG supports the use of 3G/UMTS USB modems (sticks). This feature allows for these cellular USB-connected devices to be used as an Internet interface. The support of these devices lets you add redundancy or connectivity at temporary sites, remote locations, or areas without a good selection of affordable Internet connections. Further, you can add 3G/UMTS connections to the ASG’s WAN (Internet) link balancing pool.

Astaro Authentication Agent

Provide per-user configuration using the new Astaro Authentication Agent (AAA). Users can now authenticate using this lightweight program that is used for identification to control access or assign permissions such as Web Security profiles, while gaining more detailed reporting for environments without dedicated authentication servers

Web Filtering Safe Search Enforcement

The Web Security system of ASG can now enforce the enabling of “Safe Searching” for the user at the three major search engines (Google, Yahoo, and Bing).
This feature will automatically enable the “safe search” features of these engines, which will filter their search queries and results no matter what the user sets for preferences in their browsers

More features:

Web Application Security: Form Hardening – Enforce the answers which can be given to forms you offer on your servers. Read more >
Web Application Security: Reputation Filter – Disallow visitors from anonymous or known malicious sources.
Weighted Load Balancing for WAN Uplink and Server Load Balancing – Specifiy how heavily each of your Internet connections should be used.
Improved IP Address-to-User Mappings – Resolution system displays Authenticated Name, Definition Name, and other factors before displaying IP addresses in reports.
Backup File Information Stripping  – Reuse backups in other installations easily.
Group-in-Group support – Reduce the amount of individual rules you need to make by grouping existing object groups together.
L2TP VPN for Android Devices – Connect securely with an IPSec-Based VPN for your Android mobile.
"No NAT" NAT rules (NAT exceptions) – Remove/Exempt traffic from NAT  
Virtualization – Increased performance of Citrix XenServer, Microsoft Hyper-V, and KVM
Astaro Wireless Security Improvements – Wireless Access Points can update without rebooting, and accept configuration changes without dropping connections.
WebAdmin Dashboard Timeout Option – Choose if the ASG dashboard honors your timeout settings or not.
Dashboard License Expiration Colors – A visual aid about your subscription statuses for the ASG Dashboard
Demo Data  Injection – Command line option to saturate an ASG with usage and reports, great for demonstrating to customer sites or events.

Other new things:

-SNMP Version 3 support
-Improved Web Filter Deployment Mode Selection   
-Interface Virtual MAC Address (Spoofing)   
-Web Application Security: Drop Invalid Cookies   
-Web Application Security: Rule Skipping   
-Web Application Security: SAN Certificate Support   
-Editing User-Defined Mail White/Blacklists in WebAdmin   
-Support for Hurricane Electric IPv6 Tunnel Broker   
 -Backend Firewall Rule Enhancements (IPSets)  
-Web Filter Multi-CPU Scaling   
-Greatly Improved Network Performance (Soft-IRQ Balancing) 
-WebAdmin Physical Console Direction Message   
-Color Blindness Support for ASG Red/Green Buttons   
-WebAdmin “Terms of Use”
 

 Astaro 8.200 Download Information:

Remarks:
-System will be rebooted
-Configuration will be upgraded
-Existing Web Security log files are retained
-Web Reporting Data will be reset
-Web Reporting Data can be recreated from log files in an upcoming Up2Date

-Connected REDs will perform firmware upgrade
-Connected Wifi APs will perform firmware upgrade

News:
  •Next Generation Firewall: Network Visibility and Application Control
       •Application Control supersedes IM/P2P
  •New Web Security reporting:
       •Improved UI
       •Custom reports per mail
       •Departmental reports
       •Search engine usage reporting
  •Client-based user authentication for Windows
  •ASG integration for hosted Log Management service (Beta)
  •New Wifi firmware:
       •Rebootless reconfiguration (for majority of cases)
       •AP grouping
       •Dynamic VLAN tagging (with RADIUS)
  •WebApplication Security:
       •Form Hardening
       •Reputation-based client blocking
       •Sitemap-XML import
       •Invalid cookies now dropped instead of rejected
  •HTTP/S Proxy: SafeSearch enforcement
  •IPv6:
       •IPv6 support for SMTP proxy
       •IPv6 support for HTTP proxy in "full transparent" mode
       •ICMPv6 service definitions
  •Configuration:
      •Group-in-Group support for network and service definitions
      •Support for "Stripped Backups" (usable as templates)
  •UMTS modem support
  •KVM VirtIO support
  •Hyper-V support
  •Network performance improvements:
      •Packet filter ruleset optimization (IPset)
      •New IRQ balancer
      •IPS optimization
  •SNMP v3 support
  •Weighted server load balancing
  •Weighted uplink balancing
  •NAT exceptions
  •Display "Terms of Use" for WebAdmin

Fixes:
  [11998] – Default src addr parameter not working for S2S IPv6 routes
  [12839] – Site-to-Site connection will not be established with SHA2 as ipsec authentication algorithm
  [14782] – UTF-8 characters in realname of imported keys are not displayed correctly
  [14820] – Virus uploads don’t get blocked if XSS or SQL Injection filter (mod_security) is enabled
  [15972] – Exceptions do not work for Cross Site Scripting, SQL-Injection or Cookie Signing
  [16153] – Radius secret containing backtick character (`) doesn’t work
  [16206] – [AUA] AD groups containing utf8 characters are not returned when using test authentication
  [16431] – PGP Inline encrypted Emails arrive with emtpy body at the mail-client
  [16593] – Scheduled up2dates don’t run when atd is dead. Selfmon check needed.
  [16853] – Radius secret containing backtick character (`) doesn’t work
  [16880] – WAF logfile does not show block reason for "XSS Filter" or "SQL Injection Filter"
  [17362] – After successful Smime-decryption, the emails are sent out encrypted when signature verification fails
  [17498] – Need an option to clear, set, or copy the DF bit flag for traffic related to the IPSEC tunnel
  [17907] – User prefetch fails if the mail and proxyAddresses is case-sensitive

Download Links:
Below is the link for the Up2Date package from 8.103 to 8.200. (ISO images for all installations will be available for the GA Up2Date Push)
Link: ftp://ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.200.tgz.gpg
Size: ~189MB
MD5: 3954085f9e6b2e290233ff7716c83bac

Up2Date Installation:
Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an already-downloaded Up2Date package to the system:

  1. Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
  2. Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
  Astaro Security Gateway Up2Date FTP Mirrors:  
 
 

Feedback

  • If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.200] Application Control Question").
  • If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
  • There is also a demo server for public use: http://demo.astaro.com

Angelo Comazzetto
ASG Product Manager