Upgrades

Release notice for Ingate Firewall® 6.0.2 and Ingate SIParator® 6.0.2

The new version can be found here

Release notice for Ingate Firewall(R) 6.0.2 and Ingate SIParator(R) 6.0.2

Release name: Ingate Firewall(R) 6.0.2
              Ingate SIParator(R) 6.0.2
Release date: September 20, 2017

The new version and User Manuals can be found at:
https://www.ingate.com/Upgrades.php

This is a minor release with stability improvements.
We recommend everybody to upgrade.

6.0.X Ingate Firewall(R)/Ingate SIParator(R) was a major release with new
functions, features, security, enhancements and improvements
as well as integrated earlier customer-requested patches.
All currently supported hardware (not the old FW1190/S19), and the
Software SIParator/Firewall (after switching hypervisor support to 64 bit, in
case of the previous 32 bit). We recommend everybody to upgrade.

THE MAJOR 6.0.X NEW FUNCTIONS AND FEATURES ARE:

* WebSockets and Secure WebSockets WS/WSS are now supported for SIP Transport
allowing web browser based SIP clients and popular often open ports 80 for HTTP
and 443 for HTTPS to be used.

* A general high capacity media proxy supporting transcoding of WebRTC type of
media (DTLS-SRTP) to SIP type of media (RTP/SRTP), using ICE or not, and
RTCP-MUX termination. 

This allows the SIParator (including its SIP Proxy and SIP Registrar etc.) to
be used in demanding WebRTC to/from SIP Gateway services with over 10 000 voice
media sessions capacity, currently only limited by CCS session licenses (which
may change). (TURN Support and more WebRTC related functions are in progress.)

* Full IPv6 support, for SIP and other functionality including VPN and general
firewall functions.

* All Transports: UDP, TCP, TLS, WS, WSS can independently be used for SIP
signaling passing the SIParator SIP Proxy Interfaces, using IPv4 or IPv6.

* Media is independently converted between IPv6 and IPv4 (through the media
proxy), if required.

* Further strengthening the already powerful firewall data and SIP security and
protection capabilities, especially for large cloud SIP and WebRTC services
where TLS and WSS are used:
- CPU saturation protection and multi core SSL initialization offload (very
resilient for DOS/DDOS attacks).
- Brute Force SIP Authentication protection now also active with
SIParator/Firewall in SIP Proxy pass-through mode and protection enhanced by
silence timer. 
- Enhanced SIP IDS/IPS protection, with installed and customer extendable rule
pack and SIP signaling rate limiting in two levels (IP address and regular
expression match, allowing enterprises with many users signaling from the same
IP address). 

This magnitude increase in protection and privacy of SIP and WebRTC signaling,
combined with up to 20,000 media sessions or 10,000 WebRTC – SIP transcoding
media sessions (as well as built-in SIP registrar for 100 thousands of users),
makes the SIParator ideal for the largest cloud services. 

The SIParator GUI Help texts may reveal further details.

Below are the notes for the 6.0.1 --> 6.0.2 improvements only.
The notes for the above described 5.0.11 --> 6.0.1 enhancements are found here.

* SIP related issues **************************************************

*** Fix configuration error when using the interop settings:
    "Hide our Record-Route header for all SIP servers"
    "Remove Via Headers for all SIP servers"
    [Tracking ID: 5478]

*** The IDS/IPS Logical negation operator didn't work properly.
    [Tracking ID: 5479]

*** Update media destination when using the setting
    "Reuse port numbers".

*** ;b2buawm didn't work when used in the "Reg Expr" field in
    "Dial Plan" > "Forward To".
    [Tracking ID: 5481]

*** Fix sips handling for Remote Users together with the B2BUA.
    [Tracking ID: 5482]

*** Change interop setting "Use Call-ID when comparing endpoint SDPs"
    to "Use session identifier when comparing endpoint SDPs".
    [Tracking ID: 5483]

* Other issues ********************************************************

*** Old 5.0.x network packet logs didn't show up after upgrade.
    Only applies to units with permanent log storage.

*** Change from Pre-Shared Key (PSK) to X509 Certificate.
    Fix traceback when changing from PSK to X.509 certificate on
    an IPsec Peer.
    [Tracking ID: 5477]

*** Add support for cloud services 'openstack' and 'azure'.

*** The DHCP client now supports and uses the option 'interface-mtu'.