UpgradesRelease notice for Ingate Firewall® 4.9.1 and Ingate SIParator® 4.9.1
Release name: |
Ingate Firewall® 4.9.1
Ingate SIParator® 4.9.1 |
The new version can be found here
Release notes for Ingate Firewall(R) 4.9.1 and Ingate SIParator(R) 4.9.1
Release name: Ingate Firewall(R) 4.9.1
Ingate SIParator(R) 4.9.1
Release date: March 9, 2011
The new version and User Manuals can be found at:
http://www.ingate.com/Upgrades.php
This is a major release with many new functions, features, bug fixes and
security improvements.
A major addition is the SIP Trunking page, which now is the recommended
way of configuring connecting an IP-PBX to an ITSP.
We recommend everybody to upgrade.
* New SIP Related Features *********************************************
*** SIParator Types included in Firewall Mode. [Tracking ID: 4525]. This
allows to open ports and to use firewall functions, even though the
Ingate is used as a SIParator in parallel with an existing firewall.
*** New SIP Trunking page Configuration. [Tracking ID: 4370] Gives
extended possibilities to configure SIP Trunking in a structured way
using the B2BUA. Details and examples are found in the separate:
"How To SIP Trunking Using the SIP Trunk Page" under the Account
Login on www.ingate.com.
*** Allow use of "From" header rewrite with SIP Accounts in the Dial
Plan. [Tracking ID: 3676, 3800, 4120, 4466, 4491, 4500, 4575]
(Introduced in 4.8.1. Generic header manipulation can instead be
used, see below.) See "How To use Generic Header Manipulation" under
the Account Login on www.ingate.com.
*** Generic Header Manipulation. [Tracking ID: 4501, 4502, 4558, 4581,
4590] Introduced in 4.8.4. Extended in 4.9.1. See "How To use
Generic Header Manipulation" under the Account Login on
www.ingate.com.
*** Added support for PRACK (reliability of provisional responses) in
the B2BUA (RFC 3262). [Tracking ID: 4621] Can add/remove PRACK
between parties.
*** Support relaying of any content (in addition to DTMF) in INFO
messages through the B2BUA. [Tracking ID: 3965, 4368, 4570]
*** Handle UPDATE in the B2BUA. [Tracking ID: 4474]
*** Digest Authentication is now also supported between parties passing
the auto-invoked B2BUA.
*** Additional attributes in RADIUS accounting messages. The following
values from RTCP between SIP endpoints are reported:
IG-Acct-Input-Jitter-Avg-Rtcp
IG-Acct-Input-Jitter-Max-Rtcp
IG-Acct-Input-Missing-Rtcp
IG-Acct-Output-Jitter-Avg-Rtcp
IG-Acct-Output-Jitter-Max-Rtcp
IG-Acct-Output-Missing-Rtcp
IG-Acct-Rtd-Avg-Rtcp
* New SIP Security Features ********************************************
*** SIP IDS/IPS (Intrusion Detection System / Intrusion Prevention
System) is now a standard module, requiring no extra license.
(Introduced in 4.8.4)
*** Support for IDS/IPS on Ingate Firewall 1190 and SIParator 19.
[Tracking ID: 4603] (Introduced in 4.8.4)
*** General SIP Signalling IDS/IPS rate limiting of any SIP message
added. [Tracking ID: 4622] Default values are calculated by model
and licenses and automatically invoked if no rate limiting existed.
See GUI page SIP Traffic > IDS/IPS to modify or disable.
*** Authentication setting in DNS override. [Tracking ID: 4524] E.g.
Proxy Authentication of remote users can simply be enforced.
(Introduced in 4.8.4)
*** Brute force authentication protection inhibits password guessing
attacks against SIP servers. [Tracking ID: 2327]
*** Allow requests within dialogs with policy "Local only" [Tracking
ID:4551]
* New SIP Settings *****************************************************
*** Setting for hiding the Record-Route header [Tracking ID: 4548]
*** Setting for removing Via headers [Tracking ID: 4552]
*** Setting for reusing port numbers when changing media Type (e.g. T.38
FAX). [Tracking ID: 4521]
*** Setting for not increasing SDP version number when unchanged by
remote endpoint. [Tracking ID: 4561]
*** Setting for always sending B2BUA offer in INVITE, or forwarding
INVITE without offer. [Tracking ID: 4653]
*** The "User Matching" setting now also applies when looking up the
account to be used with proxy authentication.
*** New sender IP address setting in Outbound proxy table. And
possibility to automatically assign sender IP address based on the
From header of the SIP request. The address is chosen from the
primary address or any alias. [Tracking ID: 4358]
*** Setting for adding of Codecs in Limitation of Codecs table.
[Tracking ID: 4482]
*** Setting for codecs used with third party call control, i.e. INVITEs
without SDP. [Tracking ID: 4504]
*** Setting forces use of AOR in Contact user name of registrations.
[Tracking ID: 4545]
*** Setting for tearing down media state when handling re-INVITEs.
[Tracking ID: 4591]
*** Setting for fixing Route set of BYE messages from non Conforming SIP
endpoints [Tracking ID: 4593]
*** New configuration option for escape characters in username of SIP
URI
* More SIP Functions ***************************************************
*** Allow alias for SIP accounts. [Tracking ID: 4534]
*** Allow handling of NOTIFY in dial plan. [Tracking ID: 4547]
*** Support receiving outbound proxy configuration via option 120 (sip-
servers) from the DHCP server. [Tracking ID: 4529]
The implementation configures the DHCP client to request Option 120
(sip-servers). IPv4 addresses are supported currently, not domain
names. The option may contain one or more addresses.
The received IPv4 addresses can be used in the outbound Proxy
setting by entering a domain of the following format in "Domain or
IP Address": .._sip-servers
For example "0.Outside._sip-servers" means use the first IP address
among the sip-servers received from the DHCP server for the directly
connected network called Outside. If no sip-servers option was
received, the outbound proxy setting will be dropped.
* Other new features ***************************************************
*** Setting for configuring allowed FTP server data port(s). [Tracking
ID: 1388]
* Various SIP-related improvements *************************************
*** Improve handling of 491 (Request Pending) responses. [Tracking ID:
3234]
*** Improve B2BUAWM accounts, keeping media relay property on re-INVITE.
[Tracking ID: 3325, 4610]
*** More tolerant calculation of traversal licenses used when both
endpoints are on the same network. [Tracking ID: 3845]
*** Resolved issues with terminating calls before they are answered in
some transfer scenarios. [Tracking ID: 3876, 4578].
*** Improved handling of many calls concurrently. [Tracking ID:4563]
*** Improve parsing of URIs, allowing colons in URI parameters.
[Tracking ID: 3910]
*** Use the SIP peer address if both the contact and origin addresses
of the SDP are 0.0.0.0. Avoids "ping-pong" re-INVITEs. [Tracking
ID: 4251]
*** Accept expires recommendations. [Tracking ID: 4310]
*** Exclude port, parameters and headers when matching request URIs in
the Outbound proxy table. [Tracking ID: 4403]
*** Accept comments in Retry-After headers. [Tracking ID: 4406]
*** Setting for configuring Refer-To matching in attended transfers.
[Tracking ID: 4457]
*** Improve interoperability of third party call control calls by
dropping 183 (Session Progress) responses with SDP and strip SDP
from other 1xx responses. [Tracking ID: 4510]
*** Allow wild-cards in force translation setting. [Tracking ID: 4533]
*** Improve media encryption interoperability in some transfer
scenarios. [Tracking ID: 4571]
*** Improve local ringback tone quality in some transfer scenarios.
[Tracking ID: 4584, 4585]
*** Improve prioritization in DNS Override. [Tracking ID: 4612]
*** Improved handling of forked calls that gets authenticated
* Other Improvements ***************************************************
*** Support multiple VPN RoadWarriors with the same Pre Shared Key
(PSK). [Tracking ID: 4537]
*** Support additional gateways in failover setups. [Tracking ID:
4594]
*** Throughput capacity increased by removing CPU loading and instead
firmly limiting maximum number of simultaneous calls, in the
SIParator 19 and Firewall 1190 (same model used in new models).
(Introduced in 4.8.4)
*** New products SIParator 51/56/66 and 96 as well as Firewall
1510/1560/1660 and 2960 supported from release 4.8.4
|