Upgrades
Release notice for Ingate Firewall® 4.6.4 and Ingate SIParator® 4.6.4
Release name: Ingate Firewall® 4.6.4, Ingate SIParator® 4.6.4
Release date: 2008-09-10
This is a service release, providing bug fixes.
We recommend that everybody who uses the Ingate as a NAT device or uses
PPPoE upgrade.
The new version and the user manual can be found at: www.ingate.com/upgrades/
Fixed Problems
- When PPPoE was used, the unit would sometimes use the IP address of
the remote PPPoE link instead of the local IP address when
configuring various subsystems. This could cause the SIP relay to
attempt to NAT media to that address, which would cause no media to
be received. This problem could also lead to various other issues,
not all of them related to SIP.
[Tracking ID: 3682]
- If IPsec is used, and a dynamic address without a lease is selected
as "NAT As" in the IPsec Tunnels table, the database server would
crash.
[Tracking ID: 3920]
- The unit now selects source ports randomly for NAT. Previous
releases picked the numbers sequentially, which made it possible to
predict the number. Predictable source port numbers can be a
problem for protocols that rely on a random source port number for
security, such as some setups of DNS.
See www.kb.cert.org for more information on the weakness in the DNS
protocol that this fix mitigates. [CVE-ID: CVE-2008-1447]
[Tracking ID: 3896]
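
One way to check the NAT source port fix after upgrading, given here as an added example that is not Ingate code: the script classifies an ordered list of translated source ports observed on the outside of the unit (for instance from a capture of outgoing DNS queries) as sequential or randomized. The thresholds, function names and both sample lists are assumptions constructed for illustration.

```python
# Added example: do NAT-translated source ports look sequential or random?
# Thresholds and sample data below are assumptions, not vendor values.

SMALL_STEP = 16      # assumed: a forward step of 1..16 counts as "next in sequence"
SEQ_FRACTION = 0.5   # assumed: this share of small steps marks the series predictable
MIN_RANGE = 4096     # assumed: a narrower spread is also treated as predictable
MIN_SAMPLES = 10     # too few samples say nothing about the allocator


def port_deltas(ports):
    """Forward distance between consecutive ports, wrapping at 65536."""
    return [(b - a) % 65536 for a, b in zip(ports, ports[1:])]


def assess_source_ports(ports):
    """Return (verdict, sequential_fraction, port_range).

    `ports` is the ordered list of source ports seen after translation,
    one entry per new outbound flow.
    """
    if len(ports) < MIN_SAMPLES:
        raise ValueError("need at least %d samples" % MIN_SAMPLES)
    if any(not 0 <= p <= 65535 for p in ports):
        raise ValueError("port number out of range")
    deltas = port_deltas(ports)
    seq_fraction = sum(1 for d in deltas if 0 < d <= SMALL_STEP) / len(deltas)
    port_range = max(ports) - min(ports)
    predictable = seq_fraction >= SEQ_FRACTION or port_range < MIN_RANGE
    verdict = "predictable" if predictable else "randomized"
    return verdict, seq_fraction, port_range


# Constructed samples (not captured from a real unit).
SEQUENTIAL_SAMPLE = [1024, 1025, 1026, 1028, 1029, 1030,
                     1031, 1033, 1034, 1035, 1036, 1037]
RANDOM_SAMPLE = [51234, 10877, 33012, 60411, 2290, 47755,
                 19803, 38120, 5561, 62987, 27446, 14309]

if __name__ == "__main__":
    for name, sample in (("sequential", SEQUENTIAL_SAMPLE),
                         ("random", RANDOM_SAMPLE)):
        verdict, fraction, spread = assess_source_ports(sample)
        print("%-10s verdict=%s small-step fraction=%.2f range=%d"
              % (name, verdict, fraction, spread))
```
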
Known Problems
Known VPN-related Problems
These problems are only relevant if IPsec is used.
- Packets with a destination address that belongs to either end of a
tunnel will appear to be encrypted in the log, even when they
should not be encrypted. This is a problem with the log only.
[Tracking ID: 46]
- The local endpoint must be chosen so that it is the address closest
to the next-hop router for that peer. This means that mobile
clients must always connect via the same interface (typically the
interface connected to the Internet). [Tracking ID: 508]
Known Failover-related Problems
This problem is only relevant if failover is used.
- Upgrading a failover team is a complex operation. To upgrade it,
you must break the team and upgrade each machine in turn. This
will require a number of reboots and network outages. See the
separate failover upgrade document which is available on the
upgrade web. [Tracking ID: 499]
Other Known Problems
- Using multiple default gateways does not work with PPPoE interfaces.
[Tracking ID: 2980]
- Autonegotiation of NIC duplex and speed does not work with Alcatel
SpeedTouch modems using some Ingate models that support configuration of
NIC duplex and speed. Setting the duplex and speed manually to half/10
solves the problem.
Affected models:
Ingate Firewall 1450, 1880.
Ingate SIParator 45, 88.
[Tracking ID: 3006]