I am glad to announce that after many weeks of development, QA testing and public beta, Astaro Security Gateway 7.200 is finally ready and available now.
The new release includes a new IM/P2P control application allowing for granular control of many IM/P2P protocols including detection and blocking of Skype. It also provides HTTP MIME type filtering, an improved L2TP VPN backend, new VMware tools, an updated IPS engine and linux kernel as well as bugfixes and other improvements.
What’s new in ASG V7.200?
The new release provides granular IM and P2P detection and blocking capabilities based on a new layer 7 application classification engine, the Astaro Flow Classifier (AFC). The new engine offers better detection accuracy making it possible to even detect and block skype as well as a performance improvement. The following new features are included:
Exceptions based on User/IP addresses
Administrators can now define exceptions from the global IM/P2P usage policy for individual IP addresses. This allows granting usage of specific IM or P2P applications to specific users only.
Improved IM/P2P protocol detection
The new Astaro Flow Classifier allows detection and classification of more sophisticated protocols, which are typically hard to identify, like QQ or Winny
Quality of Service for IM/P2P protocols
In order to reserve sufficient bandwidth for business critical applications you can now define bandwidth limitations even for certain IM/P2P protocols, e.g. BitTorrent
Skype blocking, alerting and bandwidth shaping
By use of the new flow classifier, Astaro Security Gateway can now also detect Skype communication, and block it, or limit its bandwidth consumption, or just log its usage for to the administrator. The granular IM/P2P control capabilities replace the existing functionality available within earlier ASG V7 versions and will now be part of the optional ASG Web Filtering Subscription.
Furthermore the new release provides a HTTP MIME type filter, that can be used to restrict downloading of files that match a given MIME/content type.
All existing ASG V7 installations, with a base license start date before April, 1st 2008 will remain unaffected by this licensing change, i.e. the complete IM/P2P functionality will remain included within the base license. All installations after that date require the purchase of a Web Filtering Subscription in order to benefit from the new IM/P2P functionality.
- Existing IM/P2P configuration will be extended
- System will reboot after Up2Date
- Improved IM/P2P protocol detection
- Added Skype detection and blocking
- Added QoS traffic selectors for IM/P2P protocols
- Added MIME type filter to HTTP Proxy
- Improved L2TP backend service Updated VMware tools
- Removed support for hardware accelerated AV/IPS scanning
Fix : SSL VPN does not start with more than 30 network definitions
Fix : Combining DNAT and policy routing may not work in all cases
Fix : Problem detecting linkbeat for HA on ASG525F
Fix : IPS not working correctly on ASG Cluster in bridge mode
Fix : L2TP packets may get lost on bridge interfaces
Fix : Problem with Site-to-Site VPN having a NAT router inbetween
Fix : IPSec error: No space left on device
Fix : Problems when SSL VPN user logs in twice
Fix : IPSec connection problems in HA/Cluster environments
Fix : Active Directoy dot-notation not working
Fix : Download of S/MIME certificate provides empty file
Fix : Cluster with four or more nodes will not update completely
Fix : Link detection on LAG interfaces does not work on Slave/Worker nodes
Fix : Problem with usernames containing spaces
Fix : OSPF not working correctly in HA/Cluster environment
Fix : Hostname for End User Portal no longer acceps IPs
Fix : Changing link speed/mode does not take effect in bridge mode
Fix : Daylight Saving Time (DST) not updating properly
Fix : Webadmin/End-User Portal hangs when backend user logs in
Fix : Estimation of log partition fillup can be negative
Fix : Web Security reporting shows largs numbers
Fix : Packetfilter may drop locally generated packets
A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the Astaro Security Gateway V7.2 Release Notes.
The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):
- Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
- Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 88ffbb6099a2b8a19b4b2a1c638cc088 Size: 129,201,116 bytes)
HTTP: Astaro US – Astaro US2 – Astaro Germany – Astaro Germany2 – Austria Mirror – Japanese Mirror
FTP: Astaro US – Astaro US2 – Astaro Germany – Astaro Germany2 – Austria Mirror – Japanese Mirror
The Astaro Security Gateway Administration Guide, a hardware compatibility list and a Known Issues List for the GA release are available on our knowledge base .
If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.200] IM protocol detection "). If you have feedback to our documentation (Online Help) please send it to firstname.lastname@example.org. There is also a demo server to check the new GUI: http://demo.astaro.com.
Your Astaro R&D team