Release notice for Ingate Firewall® 4.2.3 and Ingate SIParator® 4.2.3
Release name:
Ingate Firewall® 4.2.3
Ingate SIParator® 4.2.3
The new version can be found here
Fixed VPN-related problems
* IPsec shared secrets could not contain more than 57 characters.
[Tracking ID: 2045]
Known problems
Known VPN-related problems
These problems are only relevant if IPsec or the built-in PPTP server is
used.
* Packets with a destination address that belongs to either end of a
tunnel will appear to be encrypted in the log, even when they should
not be encrypted. This is a problem with the log only. [Tracking ID:
46]
* The local endpoint must be chosen so that it is the address closest to
the next-hop router for that peer. This means that mobile clients must
always connect via the same interface (typically the interface
connected to the Internet). [Tracking ID: 508]
* In order to properly remove an IPsec CA the firewall needs to be
rebooted. [Tracking ID: 1178]
Workaround:
Disable all IPsec peers and apply the configuration. This will clear
all previous IPsec state. Then enable the peers and apply the
configuration again.
Known SIP-related problems
These problems are only relevant if the SIP module is enabled.
* Under some circumstances, active sessions are not removed at the
instant when the call ends. Instead, the session is removed at the
configurable session timeout. This leads to temporary unnecessary
allocations of memory and, in some cases, temporary unnecessary
media-stream (firewall rules for media) allocations. [Tracking ID: 1202]
* The SIP module may block while it waits for RADIUS authentication.
This effectively means that only RADIUS servers located on a LAN
should be used. Additionally the RADIUS server should preferably not
enable any brute force attack prevention mechanism that delays the
response in case of a faulty username/password combination. [Tracking
ID: 1425]
* The combination of Remote NAT traversal and static registrations does
not work. Typically this problem may show up when calling, from PSTN, a
SIP user that sits remotely behind a non-SIP-aware NATing firewall.
[Tracking ID: 1859]
Known Failover-related problems
This problem is only relevant if failover is used.
* Upgrading a failover team is a complex operation. To upgrade it, you
must break the team and upgrade each machine in turn. This will
require a number of reboots and network outages. See the separate
failover upgrade document which is available on the upgrade web.
[Tracking ID: 499]