I am pleased to announce that we have released ASG 8.300 via our Up2Date distribution network. The main features of this release are Amazon Machine Images of Astaro Security Gateway (along with Astaro Command Center), an integrated connector for the Amazon Private Cloud (VPC), ASG Site-to-Site VPN Tunnels using our RED protocol, support for our Wireless AP50 product, and BGP4 routing support. In addition, we have added numerous tweaks, dozens of stability improvements and increased the performance of many features. This release will solidify your ASG V8 installation and give you the best Astaro experience yet.
ASG 8.300 Feature Summary:
Amazon Machine Images (AMI) for ASG (and ACC)
As mentioned in our earlier technical preview, you can now launch and run Astaro Security Gateway inside Amazon’s Elastic Computing Cloud (EC2). Already we are seeing creative uses of this deployment method with partners using their cloud-based ASG to connect our RED product, and then extending their branches further by adding our Access Points to those devices – all managed centrally from their Amazon ASG. Let us know via a post at our UBB at http://www.astaro.org how it works for you, and how you are (or plan) to use it for your business – we are always interested in use cases! To locate the ASG AMI’s, go to the community AMIs tab and search for “ASG”. (A full deployment tutorial will be available at GA)
Amazon Virtual Private Cloud (VPC) Connector
The Amazon VPC service allows you to host and run your server infrastructure in a secure, scalable cloud. Our VPC connector gives you a permanent, encrypted connection to your VPC resources right from ASG. The back end for this uses our new BGP routing to redundant Amazon gateways, and is done automatically without you needing to know anything about BGP or the Amazon technical parameters for doing it manually (or with more complex products). A guide will be available at GA release to assist you in connecting to your VPC.
Support for Astaro Wireless AP50
Our new Wireless AP50 product is finished production and will be available very soon. You will need to be at ASG V8.300+ to use this product. With 5Ghz and 2.4Ghz bands, dual high-gain antennas, and Gigabit ethernet, this is our biggest and most capable wireless product, perfect for bigger environments or locations where the 2.4Ghz band is cluttered with interference. You can get more information from the Astaro Access Points section on our Website.
Site-to-Site VPN using RED Protocol
We have added the ability to make tunnels between ASG devices using our much-heralded RED tunnel technology*. This operates similarly to how site-site over SSL works, you setup one ASG as the “Main” office (Server) and connect to them from other ASG sites as the “Client”. Some quick steps to begin:
- At the Main Site:
- Go to “WebAdmin–>RED Management–>[Server]Client Management Tab”
- Add a RED, enter a name and pick type “ASG”. Click Apply.
- Download the .red provisioning file which is created.
- On the Remote ASG you wish to connect:
- Go to “WebAdmin–>RED Management–>[Client]Tunnel Management”
- Add a tunnel, create (or select) a definition for the Hostname of the Main ASG and supply the provisioning file you downloaded from the Main ASG
- The tunnel will now be created.
- Now that you have a tunnel, you must to setup things manually. You will find hardware interfaces you can use to create a Network Interface in the ASG’s, select IP ranges to be used, and otherwise manually configure the connectivity. This was originally designed for a special use case; you have however surprised us with your interest in this feature. So, we plan to have a more guided setup within WebAdmin for using RED for a site-site VPN with ASG’s in a future Up2Date.
*This will NOT turn your remote ASG into a RED terminal. It will still have a GUI and work like a normal Site-Site VPN does.
BGP4 Routing Support
ASG now has the ability to do Border Gateway Protocol Routing (BGP). You will find the configuration for this in WebAdmin at “Interfaces & Routing–>Border Gateway Protocol”. A specialized routing protocol with specific applications, you should make use of this feature only if you know what you are doing.
- The Astaro Authentication Agent (AAA) has by popular request been made available as an MSI package as well as an EXE. You will find both on the Client Authentication section in WebAdmin. Enjoy your mass roll-outs of the AAA!
- Saved Web Reports have been to school and now remember how info was sorted when you saved them
- The printable configuration engine has also been educated on how to properly display big blocks of text without going outside the lines and now looks much better
- You can now see and sort application rules by the groups you create
- Notifications have had “select-all” boxes added, saving you from having to click dozens of times to select what you want
- You can now create Web Security Reports from Pre-8.2 Logs, see Support–>Advanced–>Weblog Import
- The Wireless Access Points Grouping section now has an apply button like the rest of WebAdmin, and no longer resets your selections between clicks as a result.
Astaro Security Gateway Up2Date 8.300 Information
- Added: Amazon VPC connector
- Added: Wifi AP50 support
- Added: BGP4 support
- Added: RED ASG-to-ASG tunel
- Fixed: VLAN and PPPoE over bridge are now subject to packet filter
- System will be rebooted
- Configuration will be upgraded
- Connected Wifi APs will perform firmware upgrade
- Connected RED devices may perform firmware upgrade
- Amazon Machine Images for ASG/ACC available in the community AMI tab of Amazon Web Services
-  Confd should reject IP addresses with leading zeros
-  RAS addresses are never removed from back end group network objects
-  QoS limits maximum packet size to 2047
-  Web Security reporting: scheduled reports might always be empty
-  SMTP Proxy can’t send any email when special characters are used in BATV secret
ASG Up2Date Package
Download link: http://ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.300.tgz.gpg
ASG Hardware Appliance ISO
ASG Software Appliance ISO
*(Astaro Smart Installer Images will be updated to 8.3 and published within the next few days)
Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an already-downloaded Up2Date package to the system:
- Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the “Watch Up2Date Progress in new window” and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
- Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
|Astaro Security Gateway Up2Date FTP Mirrors:|
- If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. “[8.300] Running ASG with Amazon EC2”).
- If you have any feedback on our help, manual, or any documentation (Online Help) please send it to firstname.lastname@example.org.
- There is also a demo server for public use: http://demo.astaro.com
ASG Product Manager