Softpedia >Windows >Security >Firewall >Kerio Control >  Changelog

Kerio Control Changelog

What's new in Kerio Control 9.4.4 Build 8407

Feb 23, 2024
  • New:
  • IKEv2 support
  • Improved:
  • Significant overall performance improvements
  • More accurate AppManager connectivity display
  • Appliances removed from AppManager stop processing AppManager-related data
  • Fixed:
  • NG511 appliance performance degradation in HA mode
  • Discrepancy between Interface Window and VPN Clients Window for users connected via VPN
  • IPSec Tunnels are no longer disconnected when the configuration is updated
  • SNMP is functional
  • 2FA verification message incorrectly showing default "30 days" expiration value
  • Custom logo not displayed on the login page
  • Corrected Mexico local time
  • Multiple memory leaks fixed
  • No checksum errors recorded on winroute.cfg after performing IPS or KerioControl updates
  • Errors encountered on some websites during categorization
  • CIDR address formats within the shared definitions are properly handled when synchronized via AppManager

New in Kerio Control 9.4.2 Build 7285 (Oct 11, 2022)

  • New:
  • Kernel upgrade
  • 2FA token expiration configuration for VPN
  • HTTP/S redirection in reverse proxy
  • Fixes:
  • Issues with Mac upload speed degradation
  • Updated IPSec VPN
  • Updated IPsec SNAT
  • WiFi authentication errors with Radius

New in Kerio Control 9.4.1 Build 7208 (May 18, 2022)

  • New:
  • New Kernel
  • New 2FA token expiration configuration for VPN 2FA
  • New HTTP/S redirect function in reverse proxy
  • Fixes:
  • KerioControl update server rejects upgrade from the latest HW box series.
  • HA stats temporary files are not being cleared.
  • Expired build-in "Let’s Encrypt certificates" have been renewed.
  • Fixed XSS security vulnerability in WebAdmin.
  • Getting checksum alert after upgrade to 9.3.6p1.
  • Free radius server fails to start.
  • Weekly and monthly reports are not being sent automatically.
  • Google remote desktop is not blocked once configured in content filtering rules.
  • Incorrect low free disk alert when data encryption is on.
  • Login page customizations are not working on Logic/Guest/User alerts pages.
  • Alert column info is blank for user transfer quota.

New in Kerio Control 9.3.0 Build 3273 (Apr 9, 2019)

  • High Availability - Active/Passive - Enable a secondary (Slave) identical Kerio Control to take over when the primary (Master) device is offline
  • IKEv2 Support (enable via console)
  • Fixed: Primary IP for WAN interface changes after reboot
  • Fixed: Last few entries of DHCP reservation list not displayed correctly in Firefox
  • Fixed: Address group still visible after being deleted
  • Fixed: IPSEC Tunnel drops in certain circumstances
  • Fixed: Configuration restore wizard IP addresses not populating
  • Fixed: Teamviewer application not blocked by Content Filter
  • Fixed: SafeSearch blocks Yandex

New in Kerio Control 9.2.9 Build 3171 (Jan 31, 2019)

  • Swap support
  • Fixed: Kerio VPN - Disabled insecure and vulnerable protocol Blowfish
  • Fixed: Optimized Snort priority for improved traffic bandwidth
  • Fixed: Changed affinity for snort process for improved traffic bandwidth
  • Fixed: HW NG500 crash
  • Older Kerio VPN Clients are not able to connect using this build. To allow please follow the following steps.
  • Open ssh connection or from console
  • Go to /opt/kerio/winroute folder
  • Run ./tinydbclient "Update VPN set AllowBlowfishCipher=1"

New in Kerio Control 9.2.7 Build 2921 (Sep 5, 2018)

  • 2-Step verification UI improvements
  • DHCP leases column added in DHCP
  • DST notification added to time zone settings page
  • IPv6 anti-spoofing functionality added
  • Linux VPN client now supports systemd
  • Unify approach to entering URL in rules
  • Upgraded Firefox install CA walkthrough screenshots
  • Fixed: Categories are not getting merged one when testing the miscategorized URLs in the Content filter
  • Fixed: Changing description for multiple users changes only those who have separate configuration
  • Fixed: Crash with error handling during domain joining/leaving
  • Fixed: Disable view user statistic when multiple users are selected
  • Fixed: Entries with multiple members in Service list not getting searched
  • Fixed: HTTP Cache dump should work without selected cache any message type
  • Fixed: Interface group ordering disabled
  • Fixed: IPSec connection is dropped every 3 hours
  • Fixed: IPsec: Some fields are cleared when Cipher configuration dialog is closed
  • Fixed: P2P suspicious connection detection
  • Fixed: Prevent consuming license usage when there is spoofing IPv6 connection
  • Fixed: Show details while joining AD fails because of time skew
  • Fixed: Technical support button on dashboard redirects to GFI support now
  • Fixed: Tunnel reset when cipher config dialog is closed
  • Fixed: User right column sort by rendered value
  • Fixed: SafeSearch blocking Google Cloud Messaging

New in Kerio Control 9.2.6 Build 2720 (May 16, 2018)

  • Added support for Encrypting personal/sensitive data stored on the disk
  • Fixed: Crash in some occasions due to empty HTTP header name

New in Kerio Control 9.2.5 Build 2587 (Apr 4, 2018)

  • Fixed: NTLM Authentication issue
  • Fixed: 2 Step Authentication issue
  • Fixed: Recompilation of WIFI driver with different flags for more compatibility

New in Kerio Control 9.2.5 Build 2570 (Mar 29, 2018)

  • Fixed: Crash every hour when sending email for invalid user after antivirus scanning

New in Kerio Control 9.2.5 Build 2532 (Mar 22, 2018)

  • Removal of PHP server-side scripting from Web Interface
  • Upgrade of strongSwan 5.5.1
  • Improved starting/stopping of VPN Client on Debian 8
  • VPN Client now supports macOS High Sierra
  • Fixed: Translation issues
  • Fixed: User preferences automatic language set to detected language
  • Fixed: Installation of VPN Client fails on Windows 7, 8
  • Fixed: The WiFi driver has been updated for better compatibility and stability
  • Fixed: Dashboard Traffic Chart Tile does not show relevant units
  • Fixed: Changing description for multiple users changes only those who have separate configuration
  • Fixed: Empty exclusions for connection limit corrupts config
  • Fixed: View Guest users in Kerio Control Statistics opens stats of "Not logged in" user
  • Fixed: WebAdmin error during configuration import
  • Fixed: Install CA screenshots are from old FireFox
  • Fixed: Menu bar icon not optimized for Mac with retina
  • Fixed: Remote Services: Data are not reloaded when changes are discarded on screen reload
  • Fixed: Bandwidth management traffic dialog: wrong info text
  • Fixed: Crash in ThreadCpuTime, when gdata.start_error = 1
  • Fixed: assert in DhcpLeaseTab::save()
  • Fixed: W10 Edge cannot login and access web interface if IPv6 is enabled
  • Fixed: missing limiter of AV check failed alert
  • Fixed: Russian Business Network blacklist is missing in IPS update
  • Fixed: Remove unsecure DES-CBC3-SHA from cipherlist
  • Fixed: Wi-Fi should be WiFi (legal requirement)
  • Fixed: Kerio VPN tunnels are using local networks defined in IPsec section (as Remote networks)
  • Fixed: Exported cfg. backup is corrupted
  • Fixed: Sending notifications from Kerio Control - InCorrect Format of notification
  • Fixed: On Groups page, "Rights" column is not sorted in correct order

New in Kerio Control 9.2.3 Build 2219 (Aug 22, 2017)

  • OpenSSL upgraded from 1.0.1u to 1.0.2j
  • Updated country list used in SSL Certificate definition
  • Fixed: CPU lock due to winroute loop

New in Kerio Control 9.2.2 Build 2172 (Mar 23, 2017)

  • Sophos Anti-Virus replaced with Kerio Antivirus which is based on the Bitdefender antivirus engine
  • Fixed: Stability issue, Kerio Control was unresponsive
  • Fixed: 0.0.0.0 was displayed instead of IP address of IPSec VPN client
  • Fixed: HTTP cache could not be eraseed
  • Fixed: Application detection didn't work with HTTP Header "Content-Type"
  • Fixed: Invalid certificate was created by HTTPS filtering

New in Kerio Control 9.2.1 Build 674 Patch 2 (Jan 30, 2017)

  • Kerio Control 9.2.1 brings you a signficant performance improvement in all Kerio Control’s security and inspection methods and filters. For example:
  • Improved performance by 15-20% with update to 64-bit hardware.
  • Large Segment Offoad (LSO).
  • Optimizing performance with LSO:
  • Kerio Control includes Large Segment Offoad (LSO), also referred to as Generic Segmentation Offoad (GSO). LSO allows the network interface controller to process the segmentation of a data transfer and causes significant performance improvements. However, these improvements are noticeable only during large data transfers, such as file downloads, or video streams.
  • The throughput gain depends on the particular deployment. To give you an example, you can expect up to 400 Mbps on the Kerio Control NG100 hardware appliance
  • Blocking incoming connections from specified countries:
  • Kerio Control allows you to create a filter for incoming trafic based on countries (GeoIP). Kerio Control then blocks all IP addresses that belong to the selected countries.
  • IPsec VPN tunnel configuration update:
  • Kerio Control 9.2 adds a detailed configuration for IKE and ESP ciphers used in IPsec VPN tunnels.With this detailed configuration you can easily create IPsec VPN tunnels with third-party firewalls.
  • Added support:
  • Kerio Control supports 64-bit hardware.
  • Hyper-V on Windows Server 2016

New in Kerio Control 9.0.1 Build 674 Patch 2 (Feb 22, 2016)

  • Glibc library update addressing CVE-2015-7547

New in Kerio Control 9.0.1 Build 547 (Jan 19, 2016)

  • Fixed: Connection using NAT hairpinning was not reliable
  • Fixed: Kerio Control Administration: Incorrect traffic chart captions
  • Fixed: Kerio Control Administration: It was not possible to import users from Active Directory
  • IP Address Groups, URL Groups and Time Ranges can be shared to all appliances in MyKerio organization
  • Extended set of protocols recognized on IPv6 in Bandwidth Management and Kerio Control Statistics
  • Network configuration is now automatically determined after deployment in Software and Virtual Appliance
  • The connection limit feature improved
  • MyKerio username is now logged into config log
  • Added PXE-boot DHCP option
  • Fixed: incorect remote IP address was displayed in IPsec tunnel details

New in Kerio Control 8.6.2 Build 3847 (Oct 13, 2015)

  • IPv6 improvements:
  • Kerio Control supports the IPv6 prefix delegation. If your ISP assigns an IPv6 prefix, Kerio Control can become a DHCPv6 client.
  • Also Kerio Control includes IPv6 routing table and IPv6 Router Advertisements are fully automatic in this version.
  • Control and Support for IPv6 protocol:
  • Preventing denial of service:
  • The configuration against denial of service has been redesigned. From now on, you can set different limits for one peer, multiple peers, and new connections per minute.
  • You can also set an exception for any host:
  • Read more in our knowledge base Setting hosts connection limits.
  • Other improvements:
  • Traffic Rules, Content Filter, Bandwidth Management have been redesigned for better usability.
  • All graphics have been optimized for Retina displays.
  • The System tile in dashboard warns you if time differs between Kerio Control and your browser.
  • Certificates are signed by SHA-256, certificate details now show an SHA-256 fingerprint.

New in Kerio Control 8.6.1 Build 3803-p1 (Sep 5, 2015)

  • Fixed: Stability issue in HTTPS filtering

New in Kerio Control 8.6.1 Build 3787 (Sep 2, 2015)

  • Added support for Microsoft Edge
  • Kerio VPN Client now detects unsupported SSL protocol version
  • Improved compatibility with 3rd party IPSec implementations
  • Fixed: several minor bugs

New in Kerio Control 8.6.0 Build 3693 Patch 1 (Jun 25, 2015)

  • Fixed: TCP connections had 10 seconds timeout until first data packet from server

New in Kerio Control 8.6.0 Build 3673 (Jun 23, 2015)

  • Kerio Control can be managed by the MyKerio service
  • Email alerts and reports can now be delivered using the MyKerio service
  • The connection limit feature redesigned
  • The IPv6 prefix delegation: Prefix routed by ISP is now automatically determined by a DHCPv6 client
  • Added automatic mode of IPv6 Router Advertisements
  • Kerio Control Administration: the IPv6 routing table added
  • Native x64 Kerio VPN Client for Linux
  • Certificates are signed by SHA-256, certificate details now show an SHA-256 fingerprint
  • The System tile in dashboard warns if time differs between Kerio Control and a browser
  • Kerio Control Administration: Condition editors (e.g. in Traffic, Content, Bandwidth rules) redesigned for better usability
  • All graphics optimized for Retina displays

New in Kerio Control 8.5.3 Build 3469 (May 5, 2015)

  • Fixed: Memory leak in IPsec VPN server
  • Fixed: Incorrect character encoding in email alerts
  • Fixed: Upload/download direction was incorrectly determined in Bandwidth Management inside VPN tunnel
  • Fixed: It was not possible to detect remote endpoint fingerprint in Kerio VPN tunnel configuration
  • Fixed: Certain traffic from VPN client was not blocked by 2-Step verification

New in Kerio Control 8.5.2 Build 3397 (Apr 14, 2015)

  • OpenSSL library updated to version 1.0.1m, SSLv3 and less secure SSL ciphers were disabled
  • VPN Client: Remove connection button is disabled when connection list is empty
  • Fixed: VPN client opens browser window unexpectedly
  • Fixed: Ethernet interface incorrectly kept IP address after cable was disconnected
  • Fixed: User was not able to configure 2-Step verification remotely
  • Fixed: User was redirected to http:/// after 2-Step verification configuration

New in Kerio Control 8.5.1 Build 3235 (Mar 10, 2015)

  • Fixed: Hosts were not redirected to authentication page under some circumstances
  • Fixed: Compatibility issue in Ethernet speed and duplex configuration
  • Fixed: Stability issue in configuration import

New in Kerio Control 8.5.0 Build 3127 (Feb 17, 2015)

  • Added 2-Step verification feature
  • Kerio Control Administration: IP Address Groups editor was simplified
  • Kerio Control Administration: Overlapping Traffic Rules are now detected
  • Kerio Control Administration: It is now possible to select Bits per second or Bytes per second as speed units
  • Guest network can use arbitrary DNS server
  • Guest network can be selected as source in Content Filter rules and Bandwidth Management rules
  • Added new email alerts for Traffic Rules, Content Filter, log message and several system events
  • Added Service Discovery forwarding
  • Optimized Bandwidth parameters in order to reduce latency
  • Config log now contains also names and original values
  • VPN Client for OS X installer rewritten to PackageMaker
  • VPN Client: Added possibility to name and to delete saved connection

New in Kerio Control 8.4.3 Build 3108 (Jan 30, 2015)

  • Fixed: glibc vulnerability CVE-2015-0235

New in Kerio Control 8.4.2 Build 2869 (Nov 27, 2014)

  • Fixed: It was not possible to import configuration under some circumstances
  • Fixed: NTLM was not performed automatically by browsers
  • Fixed: Kerio Control Administration: it was not possible to edit URL group with more than 500 entries
  • Fixed: VPN Client for OS X invalid driver signature
  • Fixed: several minor issues in Kerio Control Statistics

New in Kerio Control 8.4.1 Build 2731 (Oct 24, 2014)

  • OpenSSL library updated to version 1.0.1j addressing CVE-2014-3566 (POODLE)
  • Frequent MAC address changes caused by NIC teaming are not logged into host log.
  • VPN Client: Added support for OS X 10.10 Yosemite
  • Added support for Safari 7.1 and 8 browser
  • Fixed: Filename condition in Content Filter could break some websites
  • Fixed: stability issue caused by IPv6 policy routing
  • Fixed: several issues in HTTPS filtering

New in Kerio Control 8.4.0 Build 2650 (Oct 14, 2014)

  • Added RADIUS server for user authentication and WPA2 Enterprise WiFi security
  • Added HTTPS filtering feature
  • Added Guest interface group
  • Traffic rules now works also for IPv6 traffic
  • Statistics web interface is now responsive for optimal viewing experience on mobile devices
  • VLAN are now imported from configuration backup
  • Added support for WebSockets using HTTP Upgrade header
  • Interface and system statistics charts are persistent across restarts
  • Hostname condition now uses internal DNS cache and match also subdomains
  • Added ability to specify syslog port, facility and application
  • It is possible to view built-in certificates and import certificates without private key
  • Fixed: IPsec tunnel re-authentication with Cisco ASA
  • Improved Reverse HTTP proxy compatibility with HTTP Location header redirects
  • Improved FTP bounce attack protection
  • Passwords are now always stored in MS-CHAP v2 compatible format for Local users

New in Kerio Control 8.3.4 Build 2461 (Aug 26, 2014)

  • Fixed: fragmented packets were incorrectly routed

New in Kerio Control 8.3.3 Build 2342 (Jul 23, 2014)

  • Fixed: stability issue in HTTP proxy
  • improved DNS timeout detection in Kerio Control Web Filter
  • additional WebDAV methods were allowed in HTTP proxy

New in Kerio Control 8.3.2 (Jul 23, 2014)

  • Fixed: packets was sometimes incorrectly dropped by MAC lter due to empty MAC address
  • Fixed: OpenSSL vulnerability CVE-2014-0224
  • Fixed: SQL injection vulnerability in Kerio Control Statistics
  • Authentication on HTTP connection is now not required inside VPN tunnel
  • Supported operating systems and hypervisors updated to recent versions

New in Kerio Control 8.3.1 Build 2108 (Jun 7, 2014)

  • Logo and page title on web interface is now customizable
  • Fixed: incorrect MAC address was assigned to host on DNAT connection
  • Fixed: Statistics database could be corrupted by non-UTF8 characters
  • Fixed: Packets from firewall are now correctly logged in filter log in case of NAT
  • Fixed: IPS false positives on SMTP connections
  • Fixed: Kerio Control Administration: It is now possible to add VLAN in Google Chrome
  • Fixed: Kerio Control Administration: Incorrect row was focussed after Reset on different screens

New in Kerio Control 8.3.0 Build 1988 (Apr 24, 2014)

  • Reverse proxy
  • Trac rules: new wizard for creating trac rules
  • Trac rules: text search
  • Trac rules: test rules
  • Trac rules: row hiding
  • Trac rules: last Used column
  • Trac rules: added more colors
  • You can create a group of services
  • Bandwidth management rules can be now applied to VPN tunnel trac before
  • encryption
  • Dynamic DNS client now can detect public IP address
  • Automatic login now doesn’t work for users disabled in a directory service
  • MAC address can now be used for automatic user login
  • Active hosts now shows MAC address
  • MAC Filter can now automatically permit MAC addresses used in DHCP reservations
  • and automatic user login
  • New Host log introduced
  • Added support for FTP in automatic conguration backup
  • Manually assigned IP addresses within DHCP scope can now be blocked
  • DHCP reservation and automatic user login can be created from context menu on
  • Active Hosts screen
  • Fixed: DNS forwarder now forwards DKIM queries
  • Linux kernel upgraded to version 3.12
  • Fixed: OpenSSL vulnerability CVE-2014-0160

New in Kerio Control 8.2.2 Build 1684 (Feb 4, 2014)

  • Fixed: possible deadlock in Content Filter

New in Kerio Control 8.2.2 Build 1619 (Jan 14, 2014)

  • Pre-windows 2000 account name is now used if user have secondary UPN sux in
  • Active Directory
  • Fixed: Stability issue in User database
  • Fixed: Forbidden words was always disabled after reboot
  • Fixed: Kerio Control Administration: Several minor stability issues

New in Kerio Control 8.2.1 Build 1461 (Dec 5, 2013)

  • Content Filter: File name is now detected also in URL
  • Kerio VPN Client: Driver is not installed to /System/Library/Extensions on OS X 10.9 Mavericks
  • Fixed: Content rule URL condition "*" incorrectly matches non-HTTP connections
  • Fixed: Stability isuue in HTTP protocol inspector
  • Fixed: HTTP cache TTL was not computed correctly
  • Fixed: Kerio Control Administration: several stability issues

New in Kerio Control 8.2.0 Build 1334 (Nov 19, 2013)

  • Content Filter feature replaces HTTP and FTP policy
  • Added L2TP interface type
  • PAE was enabled in Linux kernel, more than 4GB of RAM are now detected
  • IPv6 support was added to HTTP protocol inspection
  • Space occupied by HTTP cache is now reported in storage space management
  • Enabled workaround for poor performance of particular TCP connections in VMWare
  • vmxnet driver
  • Backup DNS servers are now detected in Active Directory domain
  • HTTP proxy server now supports method OPTIONS
  • Kerio Control Administration: definitions can be edited directly from the policy
  • screens
  • Kerio Control Administration: unsupported Ethernet port speed / duplex is now reported
  • Kerio Control Administration: particular screen can be opened by URL bookmark
  • Fixed: Kerio Control Administration: Properties of user named "admin" from Active
  • Directory are now editable
  • Added support for Internet Explorer 11 and Safari 7 browsers

New in Kerio Control 8.1.1 Build 1212 (Oct 10, 2013)

  • Fixed: It was impossible to add user to rule if AD contains thousands of objects
  • Fixed: Samepage.io backup API update

New in Kerio Control 8.1.1 Build 928 (Jul 23, 2013)

  • Added support for multiple organizations in Samepage.io backup
  • Fixed: Dynamic DNS hostnames used in policies was not repeatedly resolved
  • Fixed: IP mask could be incorrectly configured in case of multiple IP addresses on interface
  • Fixed: FTP connection was closed with a 10 seconds delay

New in Kerio Control 8.1.0 Build 845 (Jun 25, 2013)

  • Added ability to backup configuration to Samepage.io automatically
  • Added support for monitoring with SNMP
  • Kerio Control Administration: Added IP Tools - Ping, Traceroute, DNS Lookup, Whois
  • Added login guessing protection
  • Added support for regular expressions in URL
  • Added failover for VPN tunnel
  • Kerio Control Administration: Added Packet Dump management
  • Appliance Edition: Added support for the most common RAID controllers
  • Removed limit of 2048 MB in HTTP cache size
  • Kerio Control Administration: Added ability to navigate by letter keys in lists of items
  • Kerio Control Administration: Definitions: Added filtering and improved paging
  • Kerio Control Administration: Added tooltips with values in MB or GB instead of kB in User Statistics and Traffic Charts
  • Kerio Control Administration: MAC address related to a DHCP lease can be searched in multiple scopes
  • Kerio Control Administration: Added possibility to delete declined DHCP leases
  • Kerio Control Administration: Added ability to view, delete, download rotated log files
  • Added possibility to edit Local networks for IPsec tunnels
  • Added support for chunked transfer encoding in HTTP POST
  • Kerio Control statistics: improved recognition of major social networks and multimedia sites
  • Kerio Control Administration: Improved status reporting of VPN tunnels
  • Fixed: Local transparent proxy didn't work for IPsec tunnel
  • Kerio Control Administration: Fixed: it was not possible to enter 255.255.255.255 into mask field
  • Fixed: Passive IPsec tunnel was not reconnected after its configuration was changed
  • Fixed: SIP calls didn't work when primary line went back online in failover scenario
  • Fixed: Incorrect interface names was logged in filter log
  • Fixed: MS-CHAP v2 password hash was incorrectly computed for users in local database
  • Dropped support for Parallels hypervisor

New in Kerio Control 8.0.1 Build 609 (Apr 2, 2013)

  • Kerio Control Administration: password inputs behavior unified
  • Local ID of IPsec tunnel is now editable
  • Fixed: IPsec clients was disconnected after 3 hours
  • Fixed: HTTP header "Referer" was incorrectly removed under specific circumstances
  • Fixed: It was not possible to establish IPsec tunnel with more than 5 authorities in certificate store
  • Fixed: Remote ID of IPsec tunnel was incorrectly determined if the certificate was not in certificate store
  • Fixed: "Unable to check whether the VPN server's security certificate has or has not been revoked" warning was incorrectly displayed.

New in Kerio Control 8.0.0 Build 551 (Mar 13, 2013)

  • IPsec PSK can now contain special characters
  • SSL key size increased to 2048b
  • Fixed: Week User and Trac statistics were lost during restart
  • Fixed: IPsec tunnel works after endpoint is renamed
  • Fixed: IPsec tunnel now reconnects after PPPoE line failure

New in Kerio Control 8.0.0 RC 1 (Mar 13, 2013)

  • Routing between IPsec tunnels is now congured automatically
  • Administration and web interface is now available on port 80 (HTTP) and 443 (HTTPS)
  • Passwords can be stored in MS-CHAP v2 compatible format in local user database
  • Fixed: TCP RST packet was not allowed during 3-way handshake
  • Fixed: Stability issue in HTTP keywords ltering
  • Fixed: ICMP packet replay protection
  • Fixed: HTTPS URL ltering now blocks reused sessions
  • Fixed: HTTP cache had negative impact on throughput

New in Kerio Control 8.0.0 Beta 1 (Mar 13, 2013)

  • Added IPsec VPN server
  • Added IPsec VPN tunnel support
  • Added certicate store for easier certicate management
  • Added support for IPv6-only servers to non-transparent HTTP proxy
  • SSL and TLS encryption can now be used in communication with SMTP relay
  • WebFilter now lter HTTPS trac over HTTP proxy
  • Kerio Control Administration: Load time of dashboard was reduced
  • Kerio Control Administration: Firefox and Chrome browsers on Android mobile devices are now supported
  • Dropped support for all Windows platforms
  • Build-in pluins for external antivirus removed
  • Hardware Appliance: LAN switch interface without Ethernet link now keeps it’s IP address
  • Original URL instead of le name is now matched against antivirus URL rules
  • Kerio Control Administration: Application menu and automatic refresh was re-
  • designed
  • Fixed: Control now honor TTL values in DNS
  • Fixed: Dropped incoming packets are now accounted in Bandwidth management
  • Fixed: Statistics contained "Unknown" user
  • Fixed: BOOTP message now contains IP address of DHCP server
  • Fixed: DHCP server assigns wrong addresses in case of multiple subnets on one interface
  • Fixed: HTTP cache didn’t re-validate document if HTTP header "max-age=0" was present
  • Fixed: Kerio Control Administration: System uptime was shown as NaN:NaN:NaN

New in Kerio Control 7.4.1 Build 5051 (Dec 5, 2012)

  • Hyper-V server 2012 support added
  • Internet Explorer 10 support added
  • Hostname specified on Web Interface configuration screen is now used in alerts and email reports
  • Appliance Edition: Gratuitous ARP is send for each bound IP address
  • Improved HTTPS filtering effectiveness
  • Fixed: Appliance Edition: Time is not synchronized with NTP server
  • Fixed: Specific connections cannot be established using RAS (PPP) interfaces on Windows 7 / 2008R2 platform
  • Fixed: Stability issue in configuration export
  • Fixed: Groups mapped from Active Directory with a special characters in their name doesn't contain users
  • Fixed: Stability issue in URL filter
  • Fixed: Anti-spoofing feature blocks reception of firewall's own broadcasts and multicasts
  • Fixed: Email reports may contain no data
  • Fixed: Kerio Control Administration: Cannot edit reservation in DHCP manual mode
  • Fixed: Kerio Control Administration: It is possible to add/move IP group from opened page only

New in Kerio Control 7.4.0 Build 5027 (Nov 12, 2012)

  • Fixed: connections to VPN server on PPP interface cannot be established

New in Kerio Control 7.4.0 Build 4986 (Nov 12, 2012)

  • HTTPS traffic filtering
  • Added support for Microsoft Hyper-V including pre-built virtual appliance image
  • Statistics for groups
  • Users can now view their own statistics
  • Added possibility to send user statistics as a regular email report
  • User photos in statistics
  • Kerio Control Administration dashboard
  • Appliance Edition: Added support for 802.1Q VLAN interfaces
  • User can now report incorrect Kerio Control Web Filter categorization directly from Denial Page
  • Added possibility to allow inbound IPv6 connections from/to specified addresses
  • New categories added to Kerio Control Web Filter
  • Kerio Control Web Filter now categorizes URLs embedded inside original URLs (used for example by Google Translate)
  • Appliance Edition: Added possibility to configure link speed and duplex for the links
  • Appliance Edition: Added possibility to use gateway which does not match local subnet
  • Added support for load balancing multiple PPPoE connections established to single ISP (to the same IP subnet)
  • It is now possible to move DHCP reservation between scopes
  • External antivirus support removed. Previously configured external antivirus remains set but it is not possible to configure new external antivirus.
  • Significantly improved performance when configuring large number of IP addresses on an interface
  • Deny pages redesigned
  • Administrator is warned when leaving Kerio Control Administration while edit dialog is open in order to prevent data loss
  • Kerio Control Administration: Graphs design improved
  • Kerio Control now uses multiple NTP servers in order to increase time synchronization reliability
  • When duplicating a rule in the list, the new rule is now always created below the original rule
  • Improved NTLM compatibility - now NTLM should work out of the box in most scenarios
  • It is now possible to test SMTP relay before applying it's configuration
  • Kerio Control Administration: Less often used buttons merged to 'More actions' button to save space
  • Turning antivirus scanning off on SMTP connections now can resolve greylisting incompatibility issues
  • Added the possibility to continue using backup internet line in failover mode
  • Increased timeout for SIP connections
  • Improved performance of user authentication on proxy server
  • Extended configuration options of HTTP cache
  • Number of users and connected devices is now visible on dashboard
  • Fixed: SSH session established through the firewall could timeout
  • Fixed: Kerio Control Web Filter failed to categorize extremely long URLs
  • Fixed: DNS forwarder failed to forward queries for names longer than 128 bytes.
  • Kerio Control Administration: several minor improvements, increased stability
  • Fixed: Appliance Edition: When joining domain A record for firewall host was not added on domain's DNS server. Client computers were not able to access the firewall when using domain's DNS server.
  • Fixed: VPN Server IP address was not displayed on the Interfaces screen
  • Fixed: It was not possible to create VPN tunnel with custom routes only
  • Fixed: If automatic login IP address configured for first user was later configured for another user, it was deleted for the first user without any warning.
  • Fixed: IPv6 connection timeout was not correctly changed after FIN or RST was received
  • Fixed: Appliance Edition: IP address and routes were not removed from interface on cable disconnect
  • Fixed: BOOTP server sometimes failed to configure TFTP server (causing PXE boot to fail under certain circumstances)
  • Fixed: Traffic charts for rules involving time intervals did not work properly
  • Fixed: Moving system date/time forward disconnected Kerio Control Administration
  • Fixed: Kerio Control installation failed if profile folder was on other than system partition
  • Fixed: Antivirus now works in trial mode
  • Fixed: Wrong policy routing applied after change of routing table
  • Fixed: Persistent VPN on Mac OS X 10.8 Mountain Lion
  • Fixed: NAT was not applied correctly on SIP connections

New in Kerio Control 7.3.2 Build 4445 (Jun 13, 2012)

  • Integrated web server PHP hardened
  • Maximum number of IPv4 addresses per interface increased
  • Updated list of supported VMWare hypervisors
  • VPN Client: updated list of supported linux distributions
  • Fixed: It was not possible to edit Traffic, HTTP or FTP rules after upgrade from Kerio WinRoute Firewall 6 if some of the original rules was unnamed
  • Fixed: Kerio VPN Client service was not properly started after Kerio VPN Client upgrade - machine reboot was required
  • Fixed: Potential crash in NTLM authentication
  • Fixed: Potential crash in Dynamic DNS client

New in Kerio Control 7.3.1 (Jun 13, 2012)

  • VPN Client can now use VPN as a default route (based on VPN Server configuration, both VPN Client and VPN Server must run version 7.3.1 or newer)
  • Computer connected through Kerio VPN now prefers DNS server accessible through the VPN instead of the local one
  • Appliance Edition: Ethernet cable status change is detected
  • Appliance Edition can now be installed using USB installation disk
  • IPv6 connection logging can now be enabled/disabled in Security Settings
  • Fixed: Routing problems with VPN (both clients and tunnels) when multiple Internet connections are used
  • Fixed: Connection going through NAT could be dropped under certain circumstances
  • Fixed: Configuring autologin from Firewall for one user can lead to autologin configuration reset for another user (if Address Group was used)
  • Fixed: Fixed: Administration Console: some DHCP options (option 21, option 33) were not saved
  • Fixed: Dial-up/Hang-up RAS scripts were not executed
  • Fixed: Policy routing did not work for Firewall host
  • Fixed: IGMP multicasts were dropped and reported as Malformed packets
  • Fixed: Bandwidth Management default rule matched IPv6 traffic
  • Fixed: Several minor design issues in StaR email reports
  • Fixed: Kerio Control Administration: custom route description was mandatory
  • Fixed: Support incident cannot be opened for registered trial
  • Fixed: Kerio Control Administration: auto refresh did not work in Active Hosts -> Connections
  • Fixed: Administration Console: several minor bugs

New in Kerio Control 7.3.0 Build 3861 (Mar 1, 2012)

  • StaR email reports
  • Basic IPv6 support
  • Daily IPS Blacklists updates
  • Speed and stability of Kerio Control Administration has been improved with smart caching of data and resources
  • Possibility to Suggest Idea to Kerio from the product
  • Voluntary usage statistics gathering
  • Appliance Edition: Improved hardware support
  • Appliance Edition: Added possibility to manually specify DNS and gateway for DHCP configured interfaces
  • Web Filter categories can be reviewed in list of URL Rules in Kerio Control Administration
  • Yandex added to list of search engines (StaR and HTTP policy)
  • CIDR notation can be used to specify network mask in Kerio Control Administration
  • Kerio Control Administration suggests optimum values for some items, e.g. network masks
  • Comma and space are converted to a delimiter while entered in field for IP address or mask in Kerio Control Administration
  • Appliance Edition: PPPoE interface is hung up and redialed when administrator changes interface MTU
  • Kerio Control Administration displays warning if Kerio Control runs on a computer with RAM size not meeting system requirements
  • Connection log used to display DNS names if available IP addresses otherwise. Now the IP address is always displayed (together with the DNS name)
  • Kerio Web Filter server address changed
  • HTTP keywords filtering performance significantly improved
  • Fixed: Appliance Edition: StaR database engine could crash
  • Fixed: Several minor bugs in Microsoft Active Directory integration
  • Fixed: Link Load Balancing can cause long HTTP session to expire
  • Fixed: Antivirus scanning rules ignores URLs which begin with 'ftp://'
  • Fixed: Server defined as IP:port was not handled properly in HTTP policy
  • Fixed: Unable to login to Kerio Control Administration when primary domain is inaccessible and user account "Admin" is missing in local user database
  • Fixed: Unable to start Web administration from Kerio Control Monitor on Windows x64 platforms under certain circumstances
  • Fixed: User name containing special characters is not displayed correctly in StaR
  • Fixed: Deleted files are kept in the list of files until screen is refreshed in Clientless SSL-VPN
  • Fixed: Direct SIP calls between two clients in Local network are reported as SIP VoIP in StaR
  • Fixed: VPN Client: It was not possible to connect to VPN server defined by name with an underscore
  • Fixed: Uninstallation could leave some files (upgrade backups) on disk
  • Fixed: Error "(99) Socket error: Unable to bind socket for service" sometimes logged on firewall startup
  • Fixed: Appliance Edition: Admin account remained disabled when importing configuration from Windows with disabled Admin account
  • Fixed: Appliance Edition: Restart after configuration import sometimes freezed the appliance
  • Fixed: Appliance Edition: Low free space alert was not sent for depleted temporary storage
  • Fixed: Windows Firewall was not sometimes correctly stopped on Kerio Control engine startup
  • Fixed: HTTP Protocol Inspector unnecessarily closed keepalive connection after HTTP 304 response had been received
  • FTP over HTTP proxy: improved upload speed on high speed lines with high latency
  • Improved error handling in configuration export/import
  • Appliance Edition: Improved stability of KRB5 authentication
  • Serial port removed from Parallels Virtual Appliance

New in Kerio Control 6.7.1 Patch 2 Build 6544 (Apr 28, 2010)

  • Software Appliance: Fixed: IP fragmentation now works correctly
  • Fixed: Random crash in login to Administration web interface
  • Fixed: Long URLs are now categorized by Kerio Web Filter
  • Timezone database was updated
  • Software Appliance: support for more network cards and hard drives was added
  • Fixed: NTLM authentication works if user name contains national characters

New in Kerio Control 6.7.1 (Apr 28, 2010)

  • Software Appliance / VMware Virtual Appliance Edition
  • Active Directory Domain Integration
  • Support for Microsoft Windows 7
  • Workaround added for devices with broken PPTP support

New in Kerio Control 6.7.0 (Apr 28, 2010)

  • Web Administration (https://:4081/admin)
  • Configuration Export/Import
  • ISS OrangeWeb Filter replaced by Kerio Web Filter
  • Microsoft Windows 7 preliminary support

New in Kerio Control 6.6.0 (Apr 28, 2010)

  • VPN client for Windows runs as a service (it is possible to have VPN established before login to Windows)
  • VPN server propagates WINS servers and DNS domain suffix to VPN client
  • VPN client now uses primary IP address on VPN adapter (improved Network Neighborhood browsing)
  • Added support for Eset NOD32 Antivirus 3.0/4.0
  • Fixed CPU load peak every 3 seconds caused by DHCP renew on VPN adapter
  • The Kerio VPN Client does not allow multiple concurrent VPN connections.
  • The extended and the basic mode of the Kerio VPN Client have been merged.

New in Kerio Control 6.5.2 (Apr 28, 2010)

  • fixed memory leak in DNS forwarder
  • fixed 100% CPU bug when emailing alerts
  • fixed possible crash in LDAP (this fix supposed to be in 6.5.1 but wasn't)
  • fixed web interface login page did not show in Internet Explorer 5

New in Kerio Control 6.5.1 Build 5000 (Oct 23, 2008)

  • fixed possible crash in LDAP
  • fixed incompatibility with VPN configured in Routing and Remote Access
  • fixed possible deadlock in DNS resolver
  • fixed compatibility/performance issues in UPnP
  • fixed compatibility issues with Microsoft Virtual Machine
  • fixed incorrect handling of static routes on interfaces in Internet group

New in Kerio Control 6.4.0 Build 3176 (Sep 17, 2007)

  • User activity logs in StaR
  • Printer ready version of StaR
  • Improved overall throughput performance
  • NAT was made more traversal friendly for VoIP applications
  • Added support for popular dynamic DNS services
  • Added URL based web exclusions from StaR
  • Added support for weekly quotas
  • Added possibility to select users' preferred language

New in Kerio Control 6.3.0-2397 Beta (Jan 20, 2007)

  • Added support for Internet Explorer 7 to Kerio Clientless SSL-VPN