In a little over 1 month since the Beta of our next major ASG Version has been available, hundreds of downloads have occurred and thousands of comments have been posted in the V8 Beta Forum.
We have made some incremental Up2Dates to the Beta so far, and now today are releasing a larger Beta build which adds some hotly anticipated features like Location Based Blocking, Web Application Firewall Cookie Signing, and Custom WebAdmin/UserPortal Certificate support.
It is never to late to test the Beta! If you have been wanting to give it a try, you can do so easily. Read on for information on the new Up2Date, and information on how you can join the Beta if you are not already using ASG Version 8.
Since the first Beta release of ASG V8 (dubbed 7.900) we have had 4 additional Up2Dates. Today we release 7.910 with the usual fixes and improvements from testing and beta feedback. In addition, some new features have been added for you to test out. (For those new to our Beta process, see the original V8 Beta announcement and our V8 Introductory Post).
If you are already using the ASG V8 Beta, you do not need to re-install. The new 7.910 Up2Date will be delivered to you normally and is installed via WebAdmin. As usual however, we have updated ISO’s and manual Up2Date downloads for you, along with the release information.
ASG Beta 7.910 New Features
Cookie Signing
You can now enable a new feature in your Firewall Profiles for the Web Application Firewall called Cookie Signing. For each cookie set by the server this will add a signature stored in another cookie so that the WAF can check the signature on return from the client. This prevents tampering with the cookie on the client side.
Specify the WebAdmin/UserPortal SSL Certificate
In Management >> WebAdmin Settings >> HTTPS Certificate you can now select which certificate is used by WebAdmin and User Portal for SSL encryption. As well, if you have an existing CA that you would like to use to sign the certificate currently used by WebAdmin you can do so. This feature can allow for installations that have their own Certificates or CA to take advantage of a WebAdmin/UserPortal login which does not trigger a security warning in the browser when navigating to the login page(s). More information on this feature can be found in the forums.
New WebAdmin Role: "Reviewer"
In addition to the Admin and Auditor roles already in place, we are adding a new one to the Beta called "Reviewer". Reviewers are allowed to see all settings in WebAdmin (unlike the auditor which is limited to Logging and Reporting), but can’t change anything. You can give users this role via Management >> WebAdmin Settings >> Access Control. (This feature will also appear in ASG V7.505).
Location Based Blocking
Using a new section at ]Network Security >> Packet Filter >> Location Based Blocking you have the possibility to block ALL traffic to and from IP addresses located in specific countries/regions. Please note that this feature is a a rather blunt instrument without current support of exceptions. While usually quite accurate, it could produce the occasional false positive since tying IP addresses into a physical location is always a technical practice. However this feature is great for preventing traffic interactions with a certain region or country, perhaps for reasons of spam, constant attacks, probing, or simply to due company wishes.
ASG V8 Beta 7.910 Details
Fixes
[12326] Site to Site connection will not be established when SHA 512 is used as IPSec authentication algorithm
[12917] Email subjects with umlauts are not displayed correctly in the mail manager
[13221] Installer doesn’t handle UTC option correctly
[13456] HTTP proxy doesn’t support "single time events"
[13485] Site-to-site VPN Compression policy not working
[13507] CPU reports showing the same utilisation for both nodes
[13552] Log file download usability/consistency
[13561] Packet Filter Live Log formatting is broken
[13564] Logging –> View Log Files loads very slowly
[13569] Small display problem in info in object table with IE8
[13583] New Mail Security RBL too aggressive
[13602] IPSec "Add Remote Gateway" fails with "VPN ID may not be empty"
[13606] Web Application Firewall can not write audit log files (Permission denied)
Remarks
-Configuration will be upgraded
-System will be rebooted
-New features to test (see above)
Download Information
ASG ISO (for Software/Virtual appliance installation)
Link: ftp://ftp.astaro.de/pub/ASG/v8/beta/asg-7.910-10.1.iso
Size: 345M (362143744 bytes)
MD5sum: e21e04e64e1e961d24d1a6b003b09d6d
SSI ISO (for ASG Hardware appliance installation)
Link: ftp://ftp.astaro.de/pub/ASG/v8/beta/ssi-7.910-10.1.iso
Size: 355M (372389888 bytes)
MD5sum: dfa5eabbe8225d811613c7acc39a9860
Up2Date package (7.904 to 7.910)
Link:ftp://ftp.astaro.de/pub/ASG/v8/beta/u2d-sys-7.904-910.tgz.gpg
Size: 52M (54769352 bytes)
MD5sum: 4c32fc4a6e65a1cb38290ec5c45ac589
Enjoy your testing, and if you have any questions or problems, don’t forget to share them in the V8 Beta Forum. We have plans for cool prizes to reward some lucky testers!
Cheers,
Your Astaro Team
Leave a Reply