UpgradesRelease notice for Ingate Firewall® 6.3.1 and Ingate SIParator® 6.3.1
Release name: |
Ingate Firewall® 6.3.1
Ingate SIParator® 6.3.1 |
The new version can be found here
Release notice for Ingate SIParator(R)/Firewall(R) 6.3.1
Release name: Ingate SIParator(R)/Firewall(R) 6.3.1
Release date: July 23, 2020
The new version and documentation can be found at:
https://account.ingate.com/
This is a major release with new features and enhancements.
We recommend everyone to upgrade.
Note: Only the first time a unit is upgraded from 6.2.x to 6.3.x will EMPTY
the persistent log partition. (Any subsequent down->upgrades will not require
this). Meaning that *all logs* will be lost. This inconvenience is necessary
for improved file system support. If you want to save the on-unit logs prior
to the upgrade, use the "Export the Log" functionality found in the tab
"Logging and Tools -> Display Log". (Exported logs cannot be imported in the
new version).
* SIP **************************************************
*** Added built-in TURN server.
*** Added support for STIR/SHAKEN.
Standard to combat caller ID spoofing used by robocallers.
RFC 8588 and RFC 8224 - RFC 8226
*** Added built-in HEP Capture Agent.
Ability to duplicate SIP and media packets to a HEPv3 capture server
or endpoint like HOMER or sngrep.
*** Improved performance during un-register.
*** Improved performance during call tear down.
*** Improved performance of the B2BUA.
*** Added support for G729B, OPUS and SILK transcoding.
*** Fixed media transcoding when forking to endpoints with
different transcoding rules.
*** Added "Request Timeout" and "Cache Lifetime" to Call Control.
*** Allow to redirect using Call Control.
*** Multiple improvements to Call Control.
*** Added Transport to the Media Encryption Policy table.
*** Option to force media encryption even if the clients use the same suites.
*** Multiple fixes related to media encryption transcoding.
*** Multiple fixes related to Multi Profile media encryption transcoding.
*** Fix B2BUA session refresh method detection.
*** Respond 491 to re-INVITE during B2BUA transfer.
*** Include SIP-URI parameters in Refer-To when forwarding REFER to trunk (B2BUA).
*** Support route lookup when next hop is a Link-Local IPv6 address.
*** Support parallel forward in dial plan.
*** Added Server Domain Match Exceptions to Signaling Encryption.
*** New interop: Copy headers from REFER to INVITE in the B2BUA.
* Other ********************************************************
*** Add support for deleting an active security token using the HTTP
REST API.
*** Added support for incoming (D)TLS SNMP requests.
*** Added support for SNMPv3 Informs, with or without (D)TLS.
*** Added new SNMP traps for failover monitoring.
These are:
* ::failoverLostContactWithStandby
- Failover lost contact with standby unit.
* ::failoverLostContactDedicatedInterface
- Failover lost contact over dedicated interface.
* ::failoverEncryptionFailure
- Failover cannot sync configuration because of passphrase mismatch.
* ::failoverBrokenInterfaceOnStandby
- Failover detected broken interface on standby unit.
* ::failoverStandbyHasLowerVersion
- Standby unit has lower version than active unit.
* ::failoverOperatingNormally
- Failover team is now operating normally.
*** Added an SNMP trap that signals when the unit has (re)booted.
* ::systemBoot
- The system has (re)booted.
*** Added a third IP Policy option "Reject IP packets (TCP Reset)" that
will respond with a RST/ACK packet for blocked TCP requests.
*** Check that prefixes advertised via Router Advertisement belong to a
directly connected network.
*** Check that the amount of NAT relay listen ports is below the
specified maximum.
*** Improved functionality in the syslog facility.
New features/enhancements include:
* Specify server port.
* TCP support.
* TLS support.
* Send HOSTNAME in remote syslog messages (unitname/serial/custom).
*** Removed setting "Advanced->IP Fragments" (discard_weird_fragments).
*** Added support for running on AWS Nitro hypervisor.
This enables support for next generation EC2 instances.
*** Improved how file systems are created/used on hardware 95 (IG-095).
*** Improved network performance on IG-410, IG-450 and IG-096.
*** Added support to gather and send Time Series Metrics.
This feature is configured under the tab
Logging and Tools -> Time Series Metrics
When enabled and configured, the unit will send/export metrics regarding
CPU, general system load, memory usage, network interfaces and SIP. Please
refer to the reference manual for details.
The following Time Series Databases (TSDB) are supported:
* InfluxDB (collectd)
* Graphite
* OpenTSDB
* Prometheus
*** Request DHCPv4 option 'interface-mtu'.
*** Added setting for changing the MTU on physical network interfaces.
* VPN & IPsec *********************************************************
*** Improved user-space IKE daemon.
- NOTE: upon upgrade from 6.2.x you *must* set a new
password for each XAUTH user.
- NOTE: if you use CA (with CRL) for authentication, ensure
that the CRL contains the 'authority key identifier'.
*** Added interoperability setting to allow overlapping IKEv2 SAs.
*** Distinguish IPsec rules from non-IPsec firewall rules.
* GUI *****************************************************************
*** General look and feel improvements.
*** Added 'Clear log' button on 'Display Log' page to empty the log partition.
*** Added 'Interface Statistics' on Interface Status page.
|