Release Notes CSG 5.5.8

Collax Security Gateway

Installation Notes

Update Instructions

To install this update please follow the following steps:


  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

Web Proxy: HTTP-Header X-Forwarded-For is deleted

The HTTP heading line X-Forwarded-For can contain information about the IP address of the requesting client or about the requesting web proxy. The heading line also can contain the value unknown. If this heading line is not interpreted correctly be the requested web server, the web site is displayed improperly. From this update on the heading line X-Forwarded-For is deleted. So, internal information is not handed over and such web server can deliver the requested web site correctly to the clients.

Backup/Restore: Set Identifier for Backup System Manually

Usually the identifier for backups is generated automatically by the backup system and contains the host name of the system. To improve the disctinction of multiple backup systems the identifier can be set manually from this update on.

Collax Surf Protection: Further Cobion Categories for Web Filtering

From this update on more categories for the Cobion web filter are available for filter rules. The additional categories are: Instant Messaging, General Business, Banner Advertisements, Social Networking, Business Networking, Social Media, Web Storage.

Issues Fixed in this Version

Security: Scripting Language PHP5 and PHP Libraries

In the source code of PHP5 security holes have been discovered. These holes will be closed within this software update to PHP 5.3.23.

If the traffic data was resetted within the dialog Link status the message Uninitialized Value could occur if the dialog was loaded. This ist going to be fixed with this software update.

Up to now a port forwarding rule was always assigned to one network link. It was not possible to define a port forwarding rule for several links in general. This restriction is abolished wth this software update. Now a port forwarding rule can be defined independently of a network link to establish a forwarding of, for instance, port 443 from internal or external source networks.

If an ID was changed within a PSK IPsec connection this link had to be restarted manually after the activation of the settings. This is going to be fixed with this update, the ID is provided within the activation of the settings.

If an IPsec proposal was changed the associated link had to be restarted manually after the activation of the settings. This is going to be fixed with this update, the IPsec proposal is provided within the activation of the settings.

Collax Advanced Networking: L2TP, PPTP Connection and local Users when Windows Domain Member

If a Collax server was member of an Windows domain (Active Directory or NT domain) users from local groups could not authenticate via L2TP nor PPTP connections. From this update the appropriate authentication plugin for Windows domains will be active if an imported group has the permission to use L2TP or PPTP connections. Additional a message will be shown which groups can authenticate via a L2TP/PPTP connection.

Authentication: New Local User gets Existing UID Number

If the user database was reset from remote to local new local users could get the same user ID like existing users. This ist going to be fixed with this software update.

Backup/Restore: Missing Backup Log if Restoring Stream Data (LDAP)

Until now, the exit value of the restore was ignored when restoring stream data (e.g. LDAP), and failing restores were only detected if the error occured during the restore itself (i.e., write error) instead of during stream close. With this update restores can make the restore terminate in an error state by exiting with a non-zero value. This will be logged appropriate.

Backup/Restore: Status of Removed Media from Virtaul Tape Library

When the backup service checks for media currently present in changer magazines, it failed to mark all volumes as not present in changer if the list of currently available cartridges was empty (i.e., magazines not present, or all VTL media detached). With this update backup jobs are continued only if appropriate media is connected.