Release Notes CSG 7.1.14

Collax Security Gateway
14.05.2020

Installation Notes

Update Instructions

To install this update please follow the following steps:

Procedure

  1. It is highly recommended to backup of all server data with the Collax backup system before proceeding. Check that the backup was successful before proceeding with the update (this can be done within the backup information email).
  2. In the administration interface go to System → System Operation → Software → System Update and press Get Package List. This will download the listed update packages. If successful the message Done! will be displayed on the screen.
  3. Click Get Packages to download the update packages.
  4. Click Install. This installs the update. The end of this process is indicated by the message Done!.
  5. A new kernel will now be installed. The system will reboot automatically after installing the update. An appropriate note will be shown if the update process is completed.

New in this Version

Collax Central: New features

With this version, four new features are available for the additional module “Collax Central”. - The information about an available update is now also displayed on the Collax Central dashboard. - You can now code a trigger for a notification in a language other than bash. - The use of newer Javascript features for your own content can lead to problems with some browsers. With this update, the conditions are rewritten so that they are no longer browser-dependent. - For the triggers for a notification, hosts that were already deleted were also offered in the selection of hosts. This has been fixed with this update.

Misc: Modern Online Documentation

The online documentation gets a new look and has been redesigned, structured and modernized. It now also has a search function, so that they include the current descriptions of the product surface to find the relevant technical information more quickly.

Misc: Python 3.8.2

With this release, Python 3.8.2 will be installed. Installing this does not replace python2 but installs alongside of it. Run python3 scripts using the python3 interpreter.

System Management: New Updates available

There will be a symbol on the administration interface about new, available updates.

System Management: Linux Kernel 4.9.220

This update installs Linux kernel 4.9.220.

File: Two-factor authentication for logging on to WebAccess

With this release, a method for two-factor authentication (2FA) can be activated for the WebAccess, that in addition to the password of a user asks for a temporary one-time password. The user receives a one-time password through an authenticator app or a security token. In the future, the user will have to enter the one-time password, if 2FA is activated, each time you log on to WebAccess, after entering your login and password. This second level for checking the authenticity of the user eliminates the risk of guessed or spied passwords.

Issues Fixed in this Version

VPN: Duplicate IP addresses for ongoing connections

With L2TP dial-up connections with a virtual IP address, it could occur that new connections receive the same IP address as the already connected client. This made the connection of the previous client unusable. This will be corrected with the update.

VPN: Proposal combinations for IKE tunnels

With certain proposal combinations for IKE tunnels, it could happen that the preferred settings have not been negotiated. This will be corrected with the update.

Notes

E-Mail: Avira AntiVir prior Version 7.1.6

From Avira, an automatic update of the core components of Avira has been carried out. In this context, a new dependency of the libraries has been added, the next time the virus scanner is not started can be resolved. The result is that the virus scanner does not work during a reboot or configuration change is restarted. For security reasons, emails will no longer be delivered. To solve the problem, please update your server to version 7.1.6. Note: As long as the virus scanner is not restarted, it works in its entirety.

E-Mail: Changed ruleset format of Spam Filter SpamAssassin

Please note: On March 1st, the SpamAssassin project will change the format of the ruleset updates. From this date on, only systems that have installed Update 7.1.10 will receive updates.

VPN: IKEv2 with Microsoft Windows stops after 7.6 hours

VPN connections with IKEv2 and the on-board resources of Microsoft Windows interrupt after exactly 7.6 hours. It can be reestablished by restarting the connection.