Release notice for Ingate Firewall® 4.2.3 and Ingate SIParator® 4.2.3 ingate
 

Upgrades

Release notice for Ingate Firewall® 4.2.3 and Ingate SIParator® 4.2.3

Release name: Ingate Firewall® 4.2.3
Ingate SIParator® 4.2.3

The new version can be found here

   Fixed VPN-related problems

     * IPsec shared secrets could not contain more than 57 characters.
       [Tracking ID: 2045]

   Known problems

   Known VPN-related problems

   These problems are only relevant if IPsec or the built-in PPTP server is
   used.

     * Packets with a destination address that belongs to either end of a
       tunnel will appear to be encrypted in the log, even when they should
       not be encrypted. This is a problem with the log only. [Tracking ID:
       46]
     * The local endpoint must be chosen so that it is the address closest to
       the next-hop router for that peer. This means that mobile clients must
       always connect via the same interface (typically the interface
       connected to the Internet). [Tracking ID: 508]
     * In order to properly remove an IPsec CA the firewall needs to be
       rebooted. [Tracking ID: 1178]
       Workaround:
       Disable all IPsec peers and apply the configuration. This will clear
       all previous IPsec state. Then enable the peers and apply the
       configuration again.

   Known SIP-related problems

   These problems are only relevant if the SIP module is enabled.

     * Active Sessions may under some circumstances not be directly removed.
       The session is in such a case not removed at the instant when the call
       ends. Instead the session is removed at the configurable session
       timeout. This will lead to temporary unnecessary allocations of memory
       and in some cases temporary unnecessary media-stream (firewall rules
       for media) allocations. [Tracking ID: 1202]
     * The SIP module may block while it waits for RADIUS authentication.
       This effectively means that only RADIUS servers located on a LAN
       should be used. Additionally the RADIUS server should preferably not
       enable any brute force attack prevention mechanism that delays the
       response in case of a faulty username/password combination. [Tracking
       ID: 1425]
     * The combination of Remote NAT traversal and static registrations does
       not work. Typically this problem may show up calling a SIP user that
       sits remotely behind a none-SIP-aware NATing firewall from PSTN.
       [Tracking ID: 1859]
     * Known Failover-related problems

   This problem is only relevant if failover is used.

     * Upgrading a failover team is a complex operation. To upgrade it, you
       must break the team and upgrade each machine in turn. This will
       require a number of reboots and network outages. See the separate
       failover upgrade document which is available on the upgrade web.
       [Tracking ID: 499]

UPGRADES
Download upgrades
REGISTER
Web account login
Register web account
Support?  |  Helpdesk!
Contact us  |  info@ingate.com
How Ingate uses cookies