CacheGuard OS NG Changelog

What's new in CacheGuard OS NG UF 2.2.1

Apr 9, 2024
  • The installation program has been fixed to allow an installation from a USB memory stick.
  • The firewall has been improved to support the SIP protocol.
  • The bug which prevented the restore operation since the UF-2.0.1 OS version has been fixed.
  • The reverse Web mode has been enhanced to allow configurations in which backend Web servers (real hosts) are accessed via the external network interface or via site to site IPsec VPN tunnels established with the system. In addition, the reverse Web proxy can now communicate with real hosts. As a consequence, the syntax of the rweb command has been changed (see the rweb host usage form). When the appliance is upgraded using a patch, the rweb interface and the http protocol are used for existing configurations.
  • The installation program has been enhanced to support an installation on a machine with only 512 MB of RAM.
  • The size of the installation CDROM image has been reduced.
  • The PXE installation program has been enhanced to support UEFI based machines (64 bits only).
  • Some minor bugs have been fixed.

New in CacheGuard OS NG UF 2.1.3 (Jan 25, 2024)

  • The Web access module has been fixed to allow clients that are connected via the 802.1q pseudo interfaces (in VLAN mode) to use the embedded Web proxy.
  • The firewall command has been improved to allow the modification of default limits for DoS (Denial of Service) attacks. See the firewall dos command for further information.
  • The default maximum number of TCP new connections (SYN) per source IP address has been raised. New default values can be obtained using the firewall dos command.
  • The access command has been improved to allow the specification of 802.1q pseudo interfaces in Web access rules (see the access web command).
  • In absence of any other specifications, a blank manager template is now initialised with a default system CA certificate and a default server certificate.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG UF 2.1.1 (Dec 2, 2023)

  • The OS has been adapted to suit Microsoft Azure (TM) and Amazon AWS (TM) cloud requirements.
  • The installation program has been improved to detect NVMe and virtual block based disks.
  • Default associations between physical and logical network interfaces have been changed on a gateway system. Now by default, the external interface is associated to eth0 and the internal interface is associated to eth1.
  • The system CA certificate generated during the first appliance start-up is now properly installed.
  • Admin access management has been fixed to properly allow newly added IPs.
  • The password command has been enhanced with the possibility to modify both the console and Web administration passwords in a single operation.
  • The installation program has been enhanced to support machines with 68 bits UEFI.
  • The Linux kernel has been upgraded to the version 4.19.288.
  • The ssh password authentication can now be disabled (see the admin ssh password command).
  • The bug that blocked explicit log rotations when the web (or tweb) mode is deactivated has been fixed.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG UF 2.0.2 (Mar 26, 2023)

  • The waf command has been fixed so that it no longer erases the bypass application set for a website when the bypass rule list is erased for that website.
  • The WAF Auditing module has been fixed to properly decode HTML encoded data in POST requests.
  • The system report service command has been fixed to display the DNS server state.
  • Now the DNS server can be queried even if the web and tweb are both disabled.
  • The appliance access manager has been fixed to take into consideration override names set up with the ip name command. In addition, in case of any modification in override names, the Firewall and QoS are restarted.
  • The rweb site del... command has been fixed so that it no longer removes backend Web servers associated to a website when the deleted website name remains present for another protocol (http or https). The fix has also been applied to other configurations related to reverse websites (rweb via..., waf rweb...).
  • The Web GUI automatic logout has been fixed.
  • Now the apply check command displays possible warnings.
  • The routing issue via the auxiliary network interface has been fixed.
  • The firewall rules management module has been fixed so that it no longer applies the default policy to new connections incoming from the internal zone when the VLAN mode is deactivated and rule sets other than the web rule set are not empty.
  • Fragmentation has been disabled in the IPsec VPN server in order to bypass third party firewalls that block fragmentation.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG UF 2.0.1 (Mar 25, 2023)

  • A new command called manager has been added to the system to manage remote gateways. To use this command, the OS should be installed as a manager system (as opposed to a system installed as a gateway system).
  • The Linux kernel has been upgraded to the version 4.19.231.
  • All open source packages have been upgraded to their latest versions and have been rebuilt from scratch using the latest GNU C library (glibc-2.35) and GNU C compiler (gcc-11.2.0).
  • The new usage form system report connection has been added to the system command to display the number of active connections with the appliance.
  • The new usage form system report antivirus has been added to the system command to display the status of the last automatic antivirus signatures update.
  • The apply reporting has been fixed to report 100% (instead of 99%) when the antivirus update is fully completed.
  • Trusted CA certificates have been updated from Mozilla as of: Thu Sep 30 21:39:27 2021 GMT. The OS has been enhanced to automatically update trusted CA certificates once a month.
  • The system has been upgraded to support TLS 1.3.
  • The maximum period for log retentions has been modified from 365 to 366 days (available during installation only).
  • Some basic open source software has been upgraded to the latest stable versions.
  • The tls command has been enhanced to allow the generation of certificates that do not use OCSP.
  • The tls server and tls ca command usage forms of the tls command have been changed to be uniform with the tls client usage form.
  • The syntax of the tls command has been changed. To manage a server certificate, the server keyword should now be systematically used as the first argument. To manage the system CA components (certificate and key), the system keyword should be specified after the ca keyword. To manage a third party CA certificate, the third keyword should be specified after the ca keyword. To import a third party CA certificate, the load keyword replaces the import keyword.
  • The apply command has been modified to automatically generate new TLS objects when explicit TLS generations or loadings are not invoked.
  • Restricted administrator users can now be deleted properly without generating an error during the apply operation.
  • The syntax of the admin command has been changed for SSH key management. Now an identifier should be associated to an SSH key first. Then, its content can be loaded from a trusted file server.
  • Now, the first time a new restricted administrator is logged in, he/she is invited to modify his/her password.
  • The cancel command can now be invoked by restricted administrator users without generating any errors.
  • OWASP Core Rule Set (CRS) has been upgraded to its latest version (3.3.2). This involves the renaming and renumbering of generic filters.
  • CAUTION: the syntax of the waf command has been modified as follows: "waf rweb bypass" becomes "waf rweb bypass rule". Generic WAF filters have also been renamed and renumbered. If your configuration includes the bypass of some generic rules in order to avoid false positive matches, you are invited to review your configuration. Please refer to the documentation for further details.
  • Now the blocking of Web requests/responses by the WAF is based on an anomaly scoring principle. Please refer to the documentation for further details.
  • The WAF module has been enhanced to offer the following functionality: blocking of DoS (Denial of Service) attacks, blocking of requests based on IP reputation, blocking of requests coming from a particular country, bypass of generic filters based on the type of the application (WordPress, Drupal...). Please refer to the documentation for further details.
  • The logging has been enhanced to allow the activation or deactivation of logging on remote syslog servers as per the type of traffic (see the command log).
  • The syntax of the authenticate... command has been slightly changed. Please refer to the documentation for details.
  • The ip, access and vpnipsec commands have been improved to accept IP addresses in CIDR notation (in the form <ip/prefix> instead of <ip> <netmask>).
  • The limitation associated to the IPsec VPN usage in a multi WAN configuration has been removed. Now it is possible to route IPsec traffic via a master gateway and automatically switch the routing via a backup gateway in case of a failure on the master gateway. See the vpnipsec command manual for further information.
  • A new command called file has been added to the system to load or save all files related to the configuration in a single operation.
  • The rights of restricted administrator users have been changed. Now restricted administrator users can only read (consult) the system configuration. Restricted administrator users are now called unprivileged administrator users (refer to the admin command for further information).
  • The traceroute command has been added to the system.
  • The association of multiple client SSL certificates to the SNMP-v3 user name has been removed from the system (now only one client SSL certificate can be associated to the SNMP-v3 user name). See the admin command for further information.
  • The management of TLS chain certificates has been modified. Now when defining an HTTPS reverse website, you have the possibility to specify an intermediate CA certificate. Please refer to the tls and rweb commands for further information.
  • The system integrity checking has been modified to allow the deactivation of web, tweb and rweb modes at the same time.
  • The CacheGuard-OS License Agreement has been upgraded to version 2.5 to include OS installation as a manager system.
  • Lots of minor bugs have been fixed.

New in CacheGuard OS NG EH 1.5.5 (Apr 21, 2021)

  • The QoS controller has been fixed to properly shape the traffic on the external and auxiliary interfaces when the VLAN mode is activated.
  • The system has been improved to avoid any latency in web browsing during the antivirus update process. This requires about 1280 KB of additional RAM so a RAM upgrade may be needed on the target machine.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.5.4 (Mar 17, 2021)

  • The issue that was slowing down the AV signatures downloads has been fixed.
  • TCP communications have been tuned to get better performance.
  • The proxy, VPN and antivirus basic packages have been upgraded to their latest stable versions.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.5.3 (Feb 12, 2021)

  • The installation program has been fixed to include all required SCSI drivers in the boot loader initial RAM disk.
  • The access control module has been fixed to properly allow administration accesses when the VLAN mode is activated.
  • The installation module has been fixed to detect VirtIO devices.
  • In order to comply with the RFC 5280, the "OCSP Signing" Extended Key Usage has been removed from generated X509v3 certificates (only the "TLS Web Server Authentication" Extended Key Usage is kept).
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.5.1 (Nov 1, 2020)

  • The IPsec VPN support has been added to the system and a new command called vpnipsec has been added to manage IPsec VPNs. Both site to site (site) and remote access VPN configurations are supported. The embedded forwarding Web proxy and resources behind the embedded firewall can securely communicate via the IPsec VPN.
  • The Linux kernel has been upgraded to the version 4.9.230 and all drivers have been upgraded to support the latest hardware in the market.
  • The reporting in the Web GUI dashboard has been fixed to properly refresh all reports (including reports on NICs and disks).
  • The system report cpu usage form of the command system has been replaced by system report load.
  • The tls command has been enhanced to allow the loading of a CSR file in order to generate a certificate signed by the system's CA certificate. With this enhancement the system can now act as a mini PKI.
  • When a CA certificate is added to the system it is automatically considered as a trusted CA for Web browsing. It is now possible not to trust a CA certificate for browsing by specifying the optional off argument when adding the CA certificate with the command tls. In this case the CA certificate can only be used for other purposes (such as the VPN server).
  • The authenticate ldap certificate usage form of the command authenticate has been removed. If an LDAPS server SSL certificate has to be verified against a CA certificate, the CA certificate should be imported first using the command tls and then the CA certificate verification can be activated using the authenticate ldaps ca ... command. When the system is upgraded using a patch, an existing LDAPS CA certificate is purged and should then be configured again manually.
  • The authentication type for SNMP-v3 user has been changed from SHA-1 to SHA-256.
  • The md5 and sha (for SHA-1) authentication hash functions are no longer allowed for SNMP-v3 traps. Allowed authentication hash functions are now: sha256, sha384 and sha512.
  • Access policies to (from) the appliance from (to) remote networks/hosts have been reinforced by the specification of the involved network interface. Therefore, the syntax of the access command has been changed. When the system is upgraded using a patch, an access entry for every interface is added to the system and access policies should probably be reviewed after having patched the system.
  • When defining a transparent network with the command transparent, the network interface from which traffic is transparently caught should now be specified. When the system is upgraded using a patch, the same transparent network is added for every interface and transparent networks should probably be reviewed after having patched the system.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.4.2 (Jun 30, 2020)

  • The ICAP service, which was not restarted by the previous patch, is now restarted so that it properly handles the brotli compression format.
  • The tls command has been enhanced to allow you to create client certificates signed by the system's CA certificate. Client certificates can be used to authenticate VPN clients (VPN features are coming soon).
  • The tls ca command can now be used to add and import an intermediate CA as well as a root CA.
  • Self signed SAN certificates generation has been fixed to properly generate a self signed certificate and not a CA certificate.
  • Certificates can now be revoked with the command tls.
  • An OCSP (Online Certificate Status Protocol) responder has been added to the system. You can use the commands tls and port to configure it. Use the command mode to activate it.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.4.1 (Jun 11, 2020)

  • A new mode called tnat (for transparent NAT) has been added to the system. When the tnat mode is deactivated, Web traffic in transparent mode goes to the Internet with its real IP addresses (and is not source NATed with the appliance's external IP address).
  • The transparent mode activation has been moved from the "[GENERAL]/[Main Settings]/[Main Features]" page to the "[NETWORK]/[Main Settings]/[Network Services]" page in the Web GUI.
  • The transparent command has been enhanced to take into account the QoS for traffic exchanged via the auxiliary interface.
  • The DNS has been fixed to properly listen on VRRP IP addresses.
  • The proxy configuration has been fixed to add the X-Forwarded-For header to all HTTP(S) requests if at least one next peer is configured.
  • The maximum period for log retentions has been modified from 31 to 365 days (available during installation only).
  • Internal access policies have been modified to allow the connect method to ports 1024-49151 (in addition to the port 443) from the forwarding proxy.
  • The CSR and signed certificate generation programs have been fixed to properly handle Certificate Signing Requests and CA signed certificates for SAN certificates.
  • Failed logins via the Web GUI are now logged and reported with SNMP traps and syslog alerts.
  • Some additional ciphers have been added to the SSH server.
  • A new command called job has been added to the system. This command prints a report on the current running operation in background. The Web GUI has also been enhanced with an animated icon to show the current running operation.
  • Now the antivirus uses HTTPS instead of HTTP to download virus signatures.
  • Reports displayed in the Web GUI dashboard are now automatically updated.
  • The option report has been added to the qos command to print a report on the traffic managed by the QoS controller.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.3.8 (May 21, 2020)

  • A new mode called tnat (for transparent NAT) has been added to the system. When the tnat mode is deactivated, Web traffic in transparent mode goes to the Internet with its real IP addresses (and is not source NATed with the appliance's external IP address).
  • The transparent mode activation has been moved from the "[GENERAL]/[Main Settings]/[Main Features]" page to the "[NETWORK]/[Main Settings]/[Network Services]" page in the Web GUI.
  • The transparent command has been enhanced to take into account the QoS for traffic exchanged via the auxiliary interface.
  • The DNS has been fixed to properly listen on VRRP IP addresses.
  • The proxy configuration has been fixed to add the X-Forwarded-For header to all HTTP(S) requests if at least one next peer is configured.
  • The maximum period for log retentions has been modified from 31 to 365 days (available during installation only).
  • Internal access policies have been modified to allow the connect method to ports 1024-49151 (in addition to the port 443) from the forwarding proxy.
  • The CSR and signed certificate generation programs have been fixed to properly handle Certificate Signing Requests and CA signed certificates for SAN certificates.
  • Failed logins via the Web GUI are now logged and reported with SNMP traps and syslog alerts.
  • Some additional ciphers have been added to the SSH server.
  • A new command called job has been added to the system. This command prints a report on the current running operation in background. The Web GUI has also been enhanced with an animated icon to show the current running operation.
  • Now the antivirus uses HTTPS instead of HTTP to download virus signatures.
  • Reports displayed in the Web GUI dashboard are now automatically updated every 10 seconds.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.3.7 (May 29, 2018)

  • The CacheGuard-OS License Agreement has been upgraded to version 2.4.
  • The bug that made the main proxy crash while the web mode is deactivated has been fixed.
  • The system end command has been improved to display the scheduled state when the subscription renewal is scheduled for the next day.
  • A new command named keyboard has been added to the system. This command allows you to set the console key map.
  • The installation module has been improved to allow the creation of partitions larger than 2TB.
  • The SNMP agent has been enhanced to report SSD lifetime.
  • The ip command has been fixed so that it does not allow names for pinged servers in static routes.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.3.6 (Mar 11, 2018)

  • The Web proxy default access rights have been modified to allow the "PATCH" method in both forwarding and reverse modes.
  • The waf command has been enhanced to offer the possibility to globally allow or deny the "PATCH" method as an insecure HTTP method.
  • Custom WAF rules have been extended to support the "PATCH" HTTP method.
  • The apply command has been fixed to properly check the integrity of destination NAT rules and no longer erroneously produce the error 212.
  • The internal firewall rules have been fixed to properly allow DHCP request broadcasts and lease renewals.
  • The dhcp report command has been fixed to display DHCP lease end times in local time instead of UTC time.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.3.5 (Jan 9, 2018)

  • The antivirus module has been enhanced to bypass a white list of domain names. Therefore the antivirus whitelist usage form of the command antivirus has been modified to allow you to define a white list of domain names as well as a white list of virus signatures.
  • The Web proxy default access rights have been modified to allow the "PUT", "DELETE" and "TRACE" methods in both forwarding and reverse modes.
  • The setup command has been enhanced to use dialogue boxes.
  • The dialogue box version of the setup command has been enhanced to allow you to set the timezone in the virtual edition.
  • The virtual edition has been enhanced to set the console keyboard layout during the first startup.
  • The bug that made the guarding module crash with some malformed URLs has been fixed.
  • The textual configuration view in the Web GUI has been improved to have a more user-friendly representation of the whole configuration.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.3.4 (Sep 18, 2017)

  • Communication between the appliance and the patch download service has been switched from HTTP to HTTPS.
  • Communication between the appliance and the subscription/registration service has been enhanced to support HTTPS.
  • Custom WAF rules have been enhanced to allow the specification of more than one HTTP method separated by the pipe character.
  • The waf command has been enhanced to offer the possibility to globally allow or deny insecure HTTP methods such as "PUT", "DELETE", "CONNECT" and "TRACE".
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.3.3 (Sep 4, 2017)

  • The bug that prevented caching big objects has been fixed.
  • ICP (RFC 2187) has been replaced by HTCP (RFC 2756) for communications between cache peers.
  • The dns command has been enhanced to allow the explicit resolution of all names to IPs.
  • Custom WAF rules have been extended to support the "PUT", "DELETE", "CONNECT", "OPTIONS" and "TRACE" HTTP methods.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.3.2 (20 July 2017) (Jul 20, 2017)

  • The Web cache is no longer cleared after the antivirus activation.
  • The RAM vs HDD capacities tuning has been improved to have better performance for the caching.
  • The memory consumption for the caching has been improved and the usage of the available persistent cache has been reviewed accordingly.
  • Due to the instability of the compress mode while combined with the antivirus mode, the compress mode is automatically disabled for forwarding web traffic when the antivirus mode is activated. This fix should be considered as a workaround before the complete resolution of the issue in future releases.
  • The bug that prevented saving logs has been fixed.
  • The bug that prevented activating the DHCP server has been fixed.
  • Due to a high number of InvalidState and IllegalSyn rejected TCP packets on networks, rejected InvalidState and IllegalSyn TCP packets are no longer logged.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG EH 1.3.1 (29 June 2017) (Jun 29, 2017)

  • The antivirus module can now be used as a service by external systems such as an MTA (Mail Transfer Agent).
  • The antivirus module has been enhanced with the possibility to integrate a white list of virus names to eliminate false positive matches.
  • The authentication mode has been upgraded to support the Kerberos protocol.
  • The system report usage form has been enhanced to print the total number of blocked or allowed contents.
  • The WAF has been enhanced to offer the possibility to expose original HTTP error messages generated by backend Web servers.
  • The time format in all logs has been changed to be compliant with the RFC3339 (with the caveat that the time offset format may not be respected for some logs).
  • The compression module has been fixed to properly compress javascript files.
  • The embedded firewall has been enhanced to protect against UDP flood attacks.
  • The CA certificate bundle has been updated to its latest version.
  • The subscription system has been fixed so the renewal of an expired subscription takes into account the date of purchase as the start date. In this case, the renewal is done for the given period rounded to the nearest whole day.
  • The subscription system has been fixed so the reactivation of a suspended appliance is completed without errors.
  • The dashboard layout has been enhanced.
  • A Donate button has been added to the Web GUI of the free edition in order to help us maintain CacheGuard-OS and develop new features.
  • The trial period has been extended from 15 to 21 days.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.2.6 (29 December 2016) (Jan 17, 2017)

  • The upgrade from v1.2.4 to v1.2.5 by applying a patch has the side effect that some processes swap on disk. This issue has been fixed by applying a patch to upgrade to the present version. Please note that for the v1.2.5, CacheGuard-OS requires a minimum of 1 GB of RAM to activate the antivirus mode. Therefore if the antivirus mode is activated on an appliance running under the v1.2.5, the applying of the patch may require upgrading the RAM on the target machine. Otherwise the appliance may stop working properly.

New in CacheGuard OS NG NG 1.2.5 (21 December 2016) (Jan 17, 2017)

  • A workaround has been added to the system to resolve the inability of some Microsoft (TM) OS's to download updates while the compress mode is activated.
  • The upload of a local configuration file from the Web GUI has been fixed to support Web browsers other than Firefox.
  • The Web GUI has been upgraded to support Microsoft (TM) IE11.
  • The antivirus basic module has been upgraded to its latest version.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.2.4 (20 October 2016) (Jan 17, 2017)

  • The firewall and access control modules have been fixed to support the active FTP protocol with a data port other than 20 (in EPRT and PORT mode).
  • The forwarding proxy has been modified to allow the HTTP method OPTIONS. However the method OPTIONS remains denied for reverse websites.
  • The CacheGuard logo has been slightly modified.
  • The command conf save has been fixed to properly save authentication modes.
  • Network diagrams in the User's Guide have been enhanced.
  • The dashboard in the Web GUI has been enhanced to display the available OS updates and the end of the system subscription.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.2.3 (11 September 2016) (Jan 17, 2017)

  • The free edition has been limited to 5 users in forwarding mode and 3 users in reverse mode.
  • The syntax of the command register has been modified according to the new licensing terms.
  • The SSL mediation has been modified to allow the usage of 3DES algorithm to encrypt data between the system and target HTTPS servers.
  • The syntax of the usage form authenticate mode in the authenticate command has been changed.
  • The automatic loading of a URL list has been improved so in the case where a URL list has never been loaded, it is entirely loaded from scratch.
  • The bug in the Web GUI that prevented adding new SNMP traps has been fixed.
  • The installation program has been fixed to properly generate the default and CA certificates.

New in CacheGuard OS NG NG 1.2.2 (2 June 2016) (Jan 17, 2017)

  • A critical bug fix related to the basic forwarding proxy module has been integrated into the system. The bug made the appliance totally unstable.
  • The bug that prevented the integrated DHCP server from starting has been fixed.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.2.1 (02 May 2016) (Jan 17, 2017)

  • The command guard has been enhanced with the possibility to update an existing rule without changing its order in the guard list.
  • The CLI has been enhanced with the possibility to move an element in an ordered list. Commands in question are: ip, guard, qos and firewall.
  • The Web GUI has been fixed to not change the order of a guard rule in the guard rule list when its associated URL lists are updated.
  • The Web GUI has been fixed to not erase the list of URL lists associated to a guard rule when the order of that rule is modified in the guard rule list.
  • The redirection to an error page has been fixed in the guarding module to work properly in conjunction with the SSL mediation module.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.2.0 (06 April 2016) (Jan 17, 2017)

  • An SSL mediation (sometimes called inspection) mode has been added to the system. This mode allows you to cache HTTPS traffic and/or block unwanted contents in HTTPS traffic. The command mode has been updated to allow you to activate this new feature (mode sslmediate on) and the new command sslmediate has been added to the system in order to configure the SSL mediation module.
  • A new command named urllist has been added to the system. This command replaces the guard category command usage form. URL lists can be used by the command guard but also the new command sslmediate.
  • The IP routing has been enhanced to support the usage of multiple gateways to route the traffic to the same network.
  • The Linux kernel has been upgraded to the latest stable version.
  • Concurrent accesses to loaded files have been improved to avoid any file overwriting.
  • The system patching has been improved to load patches directly from official CacheGuard servers.
  • A download progress bar has been added to backup management and patching pages in the Web GUI.
  • The installation program has been enhanced to detect USB Ethernet adapters.
  • All major basic modules have been upgraded to their latest versions.
  • The access command documentation has been fixed (removal of rweb access).
  • Some network activity reporting has been added to the system.
  • A dashboard has been added to the Web GUI.
  • The udpeer and tcpeer ports have been respectively renamed to icppeer and httppeer.
  • The SFTP is now supported to load/save files.
  • Some default port numbers have been changed.
  • Some minor errors have been fixed in the documentation.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.1.5 (03 December 2015) (Jan 17, 2017)

  • The value of the "X-Forwarded-Proto" header which is added to requests sent to backend Web servers (in reverse mode) has been fixed as follows: the value "http" or "https" is set depending on whether the client used HTTP or HTTPS to connect to cloaked Web servers.
  • The command system has been enhanced to display the CPU architecture (32 or 64 bits).
  • The patching system has been fixed in order to avoid the applying of the same patch more than once.
  • The patching system has been fixed in order to create new empty directories.
  • The guard management module has been fixed to update guard rules when a guard policy is deleted.
  • The bug in the HA module that blocks the AH protocol used to authenticate HA nodes has been fixed.
  • The firewall module has been fixed to not block IGMP snooping when the HA mode is activated.
  • The bug that makes erroneous ARP announcements in HA mode has been fixed.
  • Internal firewall rules have been reinforced.
  • The logging of denied IP packets has been enhanced to report information about the rejection reason.
  • The antivirus basic module has been upgraded to its latest version.
  • The firewall basic module has been upgraded to its latest version.
  • Some minor enhancements have been done.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.1.4 (10 October 2015) (Jan 17, 2017)

  • The bug introduced in version 1.1.3 that prevented the automatic update of guard categories has been fixed.
  • The security of the VRRP has been enhanced.

New in CacheGuard OS NG NG 1.1.3 (05 October 2015) (Jan 17, 2017)

  • The reverse Web mode has been enhanced to allow the specification of a port number and QoS for backend Web servers. After having applied a patch the default port and QoS will respectively be 80 and 100. Therefore the syntax of the command rweb has been modified for the usage form rweb host.
  • The usage form access rweb of the command access has been suppressed.
  • The reverse Web load balancing has been enhanced to allow the specification of a session cookie generated by Web applications running on backend Web servers. Therefore the syntax of the command rweb has been modified for the usage form rweb balancer.
  • The bug making the guarding policy inconsistent when one of its guard filters has been deleted has been fixed.
  • The bug making the configuration of patched system inconsistent after a factory reset has been fixed.
  • The HA basic module has been upgraded to its latest version.
  • The authentication module has been expanded with a test option.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.1.2 (02 September 2015) (Jan 17, 2017)

  • The CacheGuard OS License Agreement has been updated to version 2.1.
  • IPv6 has been disabled in the Linux kernel.
  • The issue with accessing the https://outlook.office365.com website (and similar websites that preferably use IPv6 addresses) via the HTTPS proxy has been resolved.
  • The LDAP authentication module has been optimized so that all communications with LDAP servers are forced to use IPv4 only.
  • The authentication module has been enhanced to allow LDAP binding during the basic authentication phase instead of comparing the entered password to a predefined password attribute.
  • The authentication module has been fixed to allow distinguished names containing white spaces. In the case where the OS is upgraded using a patch the authentication LDAP request should be redefined (see the command authenticate ldap request).
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.1.1 (01 August 2015) (Jan 17, 2017)

  • The firewall has been fixed to properly manage other protocols than TCP and UDP.
  • IPv6 has been added to the list of protocols supported by the firewall.
  • The TLS component management module has been optimized to avoid restarting some services when it is unnecessary.
  • The bug making a custom WAF rule inconsistent when it contains a star has been fixed.
  • Some minor bugs have been fixed in the Web GUI.

New in CacheGuard OS NG NG 1.1.0 (13 July 2015) (Jan 17, 2017)

  • Note: To upgrade from version NG 1.0.15 to version NG 1.1.0, you should first apply a patch to upgrade to version NG 1.0.16. You will then be able to upgrade from version NG 1.0.16 to version NG 1.1.0.
  • The installation program has been fixed to report warnings in respect to setup configurations.
  • The reverse mode has been enhanced for HTTPS websites to add an "X-Forwarded-Proto http" header to HTTP requests sent to backend Web servers (useful for some known applications).
  • The apply command manual has been completed to give additional information in respect to errors reported during the process of checking the RAM capacity.
  • A RAM upgrade is now automatically applied after a reboot.
  • The command system soft has been enhanced to check for new updates.
  • The bug in the command conf which caused the saving of wrong values for the QoS attached to the "tweb internal" queue has been fixed.
  • All commands that use a network name parameter (such as access or rweb) have been enhanced to check if the given name is a FDN (Full Distinguished Name).
  • The syntax of WAF rules defined in a flat file has been changed. The keyword regexp has been replaced by uri and body. A new feature has been added to WAF rules to allow filtering based on source IP addresses. The keyword ip holds this position.
  • The DHCP server has been modified to configure DHCP clients with a Web proxy based on the proxy PAC file (ha.pac) delivered by the system.
  • A new feature has been added to the WAF to allow you to bypass false positive matches.
  • The OWASP rule set for the WAF has been upgraded to its latest version.
  • The CacheGuard logo has been modified.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.0.16 (13 July 2015) (Jan 17, 2017)

  • Note: No OS has been released for this version, only patch files.
  • The patching program has been fixed in order to properly patch the configuration DB.

New in CacheGuard OS NG NG 1.0.15 (9 May 2015) (Jan 17, 2017)

  • SNI (Server Name Indication) support has been added to generated SSL certificates. Therefore the same IP address can be shared by multiple HTTPS websites.
  • The TLS/SSL support has been hardened to ensure a higher security level.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.0.14 (28 January 2015) (Jan 17, 2017)

  • The bug that causes incorrect dimensioning of the antivirus capacity has been fixed. To fix this issue you should reinstall the appliance as there is no available patch to address this issue (unless you have a support contract).
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.0.13 (22 January 2015) (Jan 17, 2017)

  • The high availability management module has been enhanced to not change the state (failover or active) of a system in HA mode after an apply operation.
  • The installation program has been enhanced to report paying configurations.
  • The command conf has been fixed to properly manage the transparent port configuration (port thttp).
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.0.12 (29 December 2014) (Jan 17, 2017)

  • The bug causing the guards auto update to crash in case of a communication problem with a file server has been fixed.
  • The antivirus basic module has been upgraded to its latest version.
  • The automatic logout problem in Web GUI has been fixed.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG NG 1.0.11 (24 November 2014) (Jan 17, 2017)

  • The bug introduced in version 1.0.10 that prevented having more than one reverse website associated to the same IP address has been fixed.
  • The bug introduced in version 1.0.10 that prevented activation of the web server when the reverse website list contains HTTPS websites has been fixed.
  • Generic WAF rules associated to a reverse website are reset when a reverse website is deleted.
  • The rweb mode has been enhanced to redirect HTTP to HTTPS for HTTPS reverse websites (if the IP address associated to HTTPS website is used for an HTTP website).
  • The bug that makes the reverse website list unsorted after deleting and adding a new website has been fixed.

New in CacheGuard OS NG NG 1.0.10 (17 November 2014) (Jan 17, 2017)

  • The reverse website module has been enhanced to deny attempts to access website names that are not explicitly defined in the system.
  • The configuration saving module has been fixed to properly save all generic WAF rules.
  • The bug preventing the main proxy to start when the transparent mode is deactivated has been fixed.
  • SSH keys management has been improved.
  • Some minor display issues have been fixed in the Web GUI.

New in CacheGuard OS NG NG 1.0.9 (31 October 2014) (Jan 17, 2017)

  • The apply operation has been improved to ensure that in a High Availability configuration, master IP addresses are owned by an appliance once all functional services have been started on that appliance.
  • The Web GUI has been fixed to properly insert, add and remove elements in lists in the same submitted operation (for firewall rules for instance).
  • The Web GUI has been fixed to allow you to enter a six digit value for the maximum cached object size (cache-maxobject.apl page).
  • The bug that prevents activation of the firewall in the following two conditions has been fixed: a non empty auxiliary firewall rule set and the auxiliary network interface not bound to a physical NIC.
  • The bug producing an "illegal instruction" error in some virtualization systems has been fixed.
  • The console port attached to a serial port is no longer activated if the target machine doesn't have a serial port during the installation.
  • The Web proxy accessibility has been modified to allow web traffic incoming from all network interface devices but the external interface.
  • The transparent feature has been changed to transparently catch Web traffic incoming from all network interface devices but the external interface. In previous versions, only Web traffic incoming from the internal interface (web interface in vlan mode) was caught.
  • The configuration saving process has been fixed to properly save new guard auto update configurations.
  • The traffic shaper module has been improved to allow Web traffic shaping exchanged with the auxiliary network interface.
  • Web GUI pages to save or load the configuration have been regrouped in the same page and improved to allow saving/uploading the configuration to/from the local machine.
  • The bug in the gui/transparent.apl page that blocks post and reload content operations has been fixed.
  • The Web GUI for the page gui/qos-shape-gateway.apl has been enhanced with tabs.
  • In the Web GUI, font sizes have been reduced and all icons in the top bar have been grouped to the left.
  • The caching system has been enhanced to allow the caching of objects greater than the configured max object size for a limited part of the persistent cache.
  • The syntax of the command cache has been changed to configure a lower and upper size limit for cached objects.
  • A new MIB definition has been released for the SNMP agent to include the size of the reserved area on the persistent cache for very big objects.
  • The bug that prevents installation of the OS on a Microsoft (TM) Hyper-V VM has been fixed.
  • The bug that drops default traffic in case of an empty shaping rule set for routed traffic has been fixed.
  • The QoS rule compilation for reverse websites has been optimized.
  • The bash shellshock vulnerability has been fixed.
  • Some other minor bugs have been fixed.

New in CacheGuard OS NG NG 1.0.8 (24 September 2014) (Jan 17, 2017)

  • The Web Auditing GUI has been fixed to properly display post arguments without evaluating html tags.
  • The cache size and memory usage tuning has been reviewed according to recent statistics.
  • The installation program has been enhanced to allow the deactivation of some features that require lots of storage space on disk. This allows you to install the system on machines with low storage capacity.
  • The bug related to the premature display of the termination message of some system operations has been fixed.

New in CacheGuard OS NG NG 1.0.7 (11 September 2014) (Jan 17, 2017)

  • The Web GUI has been improved to allow long lists to be displayed across different pages.
  • The bug that prevents applying custom WAF rules has been fixed.
  • The configuration saving has been modified to save restricted administrator users. The saving is limited to login names only (passwords and configurations related to each restricted administrator are not saved).
  • In order to ensure command syntax coherency the keyword raz has been replaced by clear in the waf rweb custom command usage form.
  • Some other minor improvements have been added to the system to manage the configuration.
  • Some other minor bugs have been fixed.

New in CacheGuard OS NG NG 1.0.5 (7 August 2014) (Jan 17, 2017)

  • The High Availability module has been improved to ensure that master IP addresses are owned by an appliance once all functional services have been started on that appliance.
  • The email syntax checking has been fixed to allow the usage of dash in an email address.
  • The reporting of the antivirus last update date has been fixed to display the actual date.
  • The configuration settings present in the form of a list have been modified in two ways. Lists are kept sorted if the order of elements in the list is not significant; TLS objects and guard categories are some examples of those lists. For ordered lists like firewall rules and shaping rules for routed traffic, the keyword insert: has been added to the related management commands to allow the insertion of an element before another one. This avoids having to save, edit and load the configuration settings.
  • The Web GUI has been improved to allow the insertion of elements in lists subject to insertion. The look and feel of pages managing those lists has also been improved.
  • The firewall command has been changed to allow the definition of rules with any as the output network interface.
  • In order to avoid a false positive rule matching by the configured WAF for the Web GUI, tftp has been renamed to trivial_ftp in the command firewall.

New in CacheGuard OS NG NG 1.0.4 (29 July 2014) (Jan 17, 2017)

  • A critical bug regarding the activation of VLANs and bonding interfaces, which made the appliance inconsistent and out of service, has been fixed (bug introduced in error in the previous version).
  • The timezone setting during the installation is taken into account again (bug introduced in error in the previous version).
  • The firewall configuration has been modified to give higher priority to NAT rules than the SNAT (Source NAT) mode.
  • The IP routing configuration has been fixed so that a route to a single host operates properly.
  • The installation program has been enhanced to set a default value for the WAF limit files which is less than or equal to the maximum size for uploaded file given during the installation.
  • The Web GUI bug that prevents activation of administration services has been fixed.
  • IP routing has been fixed to allow routing via a gateway connected to the auxiliary interface.
  • The bug that prevents having an IP route without having a default route has been fixed.
  • The textual configuration displaying has been enhanced.
  • The auto logout for the Web GUI has been fixed.

New in CacheGuard OS NG NG 1.0.3 (21 July 2014) (Jan 17, 2017)

  • The Web GUI bug that prevents changing the Web GUI password with a password containing the characters '$' or '!' has been fixed.
  • The verification of input values for online commands and the Web GUI has been enhanced.
  • The firewall module has been fixed to allow traffic with any as the protocol.
  • The Web authentication module has been fixed to allow authentication for reverse websites.
  • The Web GUI has been improved to avoid false positive matches by generic WAF rules.
  • The FTP proxy over HTTP has been fixed to properly display directory contents.
  • The bug that prevents having more than one HTTP reverse website configured with the same IP address has been fixed.

New in CacheGuard OS NG NG 1.0.2 (14 July 2014) (Jan 17, 2017)

  • The bug that prevents the deletion of HTTPS reverse websites has been fixed.
  • The apply operation integrity check has been fixed to prevent error messages when the VLAN mode is activated.
  • When a reverse website present in several forms (HTTP, HTTPS, with multiple IP addresses) is deleted, all its configurations (backend Web servers, load balancing, standby mode...) are preserved until the deletion of its last occurrence.
  • The total arguments length limit for the Web GUI has been fixed so the firewall can be configured properly using the Web GUI.

New in CacheGuard OS NG NG 1.0.1 (12 July 2014) (Jan 17, 2017)

  • A minor bug related to the synflood tuning has been fixed.
  • A minor bug related to the URL blacklist message page has been fixed.

New in CacheGuard OS NG NG 1.0.0 (CacheGuard OS Version 6) (30 June 2014) (Jan 17, 2017)

  • The QoS management has been enhanced and the syntax of the command qos has also been changed. Now the keyword bandwidth should be specified to define bandwidth limits and the borrowing of the excess bandwidth can be activated or deactivated using the keyword borrow. Also the traffic shaping could be specified as a percentage or as a fixed value in Kbps. Other traffic than the traffic destined to the appliance itself (the gateway) could also be shaped in this version.
  • Keywords "intern" and "extern" have been respectively renamed to internal and external.
  • The CacheGuard License Agreement has been upgraded to version 2.0. In this version all CacheGuard Software components are subject to the GNU General Public License v3 while the aggregation of those components and other Open Source Software (as OSI definition) forming the "CacheGuard OS" is licensed under the "CacheGuard OS License Agreement version 2.0".
  • An SNMP agent and trap sender has been added to the system to monitor the appliance. Please use the command admin snmp to configure the SNMP monitoring.
  • Keywords related to SSL/TLS have been changed in the commands admin and authenticate for coherency purposes.
  • A new feature has been added to the system so the system can be backed up and restored (see the command system backup).
  • A contact email address may be specified with the command register.
  • The Linux kernel has been upgraded to the latest stable version.
  • The access list management for file and monitoring servers has been improved to allow the adding of host names in addition to host IPs.
  • The ntp server management has been improved to allow the adding of ntp server names in addition to ntp server IPs.
  • The keyword https in the command admin has been renamed to tls as the generated certificate is used by both the Web GUI and the SNMP agent.
  • A new logical network interface named auxiliary has been added to the system. You can use it for your specific needs (for instance to implement a DMZ or a Back Office zone).
  • The syntax of the command firewall has been changed.
  • Software RAID support has been added to the system.
  • The OS is now available in two versions: 32 bits and 64 bits.
  • New filter types based on time, authentication and IP ranges have been added to URL guarding module. Therefore the syntax of the command has been completely reviewed. Please refer to the guard command documentation for further information.
  • In the command authenticate, the argument "attribute" has been renamed to request.
  • Transparent traffic is clearly distinguished from forwarding traffic. A dedicated port is used for the transparent mode and a new command named transparent can manage the transparency for selected networks. Also the QoS module manages forwarding and transparent traffic separately.
  • The syntax of the command rweb has been changed so the management of SAN and wildcard certificates became easier.
  • The load balancing policy may be configured for reverse websites. This new feature includes the possibility to have sticky connections.
  • The installation program has been improved.
  • In order to ensure command syntax coherency, the "access" and "virus" logs have been renamed to web and antivirus respectively.
  • The logging module has been enhanced to allow the logging of denied packets by the IP firewall.
  • In logging mode (mode log is activated) each log type (firewall, web, rweb, guard, virus, waf) can selectively be activated or deactivated.
  • Many minor bugs have been fixed.

New in CacheGuard OS NG 5.7.7 (Jul 5, 2013)

  • The command "system" has been improved to display the subscription end date.
  • The registration process has been improved to use the integrated Web proxy if possible.
  • A new feature has been added to the health panel to report the status of the antivirus and URL guard updates.
  • The Web GUI look and feel has been enhanced.
  • New hardware drivers have been added to the system.
  • Some minor bugs have been fixed.

New in CacheGuard OS NG 5.7.6 (Feb 29, 2012)

  • A new subscription verification module has been added to the system.

New in CacheGuard OS NG 5.7.5 (Feb 29, 2012)

  • Some minor bugs have been fixed in the Web GUI.
  • The log rotation system has been fixed to properly rotate the WAF log.

New in CacheGuard OS NG 5.7.4 (Feb 29, 2012)

  • The OS has been improved to support a better crash recovery.

New in CacheGuard OS NG 5.7.3 (Feb 29, 2012)

  • Installation in test mode has been improved to allow choosing the OS to load at bootup.
  • The mgt (for management) vlan has been renamed to mon (for monitoring).
  • The keyword mgt (for management) in the command "access" has been renamed to mon (for monitoring).

New in CacheGuard OS NG 5.7.2 (Feb 29, 2012)

  • The command "factoryreset" has been removed and replaced by the argument "factoryreset" added to the command "conf".
  • Reporting capabilities have been added to the proxy cache module (see the command "cache report").
  • Reporting and health checking capabilities have been added to the system (see the command "system report").

New in CacheGuard OS NG 5.7.1 (Feb 29, 2012)

  • The proxy cache module has been upgraded to its latest version.
  • The bug that prevents the download of small video files while the cache and antivirus modes are both enabled has been fixed.
  • The command "filter" was renamed to "waf" (for Web Application Firewall).
  • In the command "mode", the keyword "filter" was renamed to "waf".
  • In the command "log", the keyword "filter" was renamed to "waf".
  • In the command "antivirus", the keyword "clear" was renamed to "create".

New in CacheGuard OS NG 5.6.10 (Feb 29, 2012)

  • The antivirus no longer checks images and textual contents.

New in CacheGuard OS NG 5.6.9 (Feb 29, 2012)

  • The minor bug related to the PUA mode activation has been fixed in the Web GUI.
  • All schemas in the documentation have been enhanced with new icons.