What's new in Kerio Control 9.4.4 Build 8407
Feb 23, 2024
- New:
- IKEv2 support
- Improved:
- Significant overall performance improvements
- More accurate AppManager connectivity display
- Appliances removed from AppManager stop processing AppManager-related data
- Fixed:
- NG511 appliance performance degradation in HA mode
- Discrepancy between Interface Window and VPN Clients Window for users connected via VPN
- IPSec Tunnels are no longer disconnected when the configuration is updated
- SNMP is functional
- 2FA verification message incorrectly showing default "30 days" expiration value
- Custom logo not displayed on the login page
- Corrected Mexico local time
- Multiple memory leaks fixed
- No checksum errors recorded on winroute.cfg after performing IPS or KerioControl updates
- Errors encountered on some websites during categorization
- CIDR address formats within the shared definitions are properly handled when synchronized via AppManager
New in Kerio Control 9.4.2 Build 7285 (Oct 11, 2022)
- New:
- Kernel upgrade
- 2FA token expiration configuration for VPN
- HTTP/S redirection in reverse proxy
- Fixes:
- Issues with Mac upload speed degradation
- Updated IPSec VPN
- Updated IPsec SNAT
- WiFi authentication errors with Radius
New in Kerio Control 9.4.1 Build 7208 (May 18, 2022)
- New:
- New Kernel
- New 2FA token expiration configuration for VPN 2FA
- New HTTP/S redirect function in reverse proxy
- Fixes:
- KerioControl update server rejects upgrade from the latest HW box series.
- HA stats temporary files are not being cleared.
- Expired build-in "Let’s Encrypt certificates" have been renewed.
- Fixed XSS security vulnerability in WebAdmin.
- Getting checksum alert after upgrade to 9.3.6p1.
- Free radius server fails to start.
- Weekly and monthly reports are not being sent automatically.
- Google remote desktop is not blocked once configured in content filtering rules.
- Incorrect low free disk alert when data encryption is on.
- Login page customizations are not working on Logic/Guest/User alerts pages.
- Alert column info is blank for user transfer quota.
New in Kerio Control 9.3.0 Build 3273 (Apr 9, 2019)
- High Availability - Active/Passive - Enable a secondary (Slave) identical Kerio Control to take over when the primary (Master) device is offline
- IKEv2 Support (enable via console)
- Fixed: Primary IP for WAN interface changes after reboot
- Fixed: Last few entries of DHCP reservation list not displayed correctly in Firefox
- Fixed: Address group still visible after being deleted
- Fixed: IPSEC Tunnel drops in certain circumstances
- Fixed: Configuration restore wizard IP addresses not populating
- Fixed: Teamviewer application not blocked by Content Filter
- Fixed: SafeSearch blocks Yandex
New in Kerio Control 9.2.9 Build 3171 (Jan 31, 2019)
- Swap support
- Fixed: Kerio VPN - Disabled insecure and vulnerable protocol Blowfish
- Fixed: Optimized Snort priority for improved traffic bandwidth
- Fixed: Changed affinity for snort process for improved traffic bandwidth
- Fixed: HW NG500 crash
- Older Kerio VPN Clients are not able to connect using this build. To allow please follow the following steps.
- Open ssh connection or from console
- Go to /opt/kerio/winroute folder
- Run ./tinydbclient "Update VPN set AllowBlowfishCipher=1"
New in Kerio Control 9.2.7 Build 2921 (Sep 5, 2018)
- 2-Step verification UI improvements
- DHCP leases column added in DHCP
- DST notification added to time zone settings page
- IPv6 anti-spoofing functionality added
- Linux VPN client now supports systemd
- Unify approach to entering URL in rules
- Upgraded Firefox install CA walkthrough screenshots
- Fixed: Categories are not getting merged one when testing the miscategorized URLs in the Content filter
- Fixed: Changing description for multiple users changes only those who have separate configuration
- Fixed: Crash with error handling during domain joining/leaving
- Fixed: Disable view user statistic when multiple users are selected
- Fixed: Entries with multiple members in Service list not getting searched
- Fixed: HTTP Cache dump should work without selected cache any message type
- Fixed: Interface group ordering disabled
- Fixed: IPSec connection is dropped every 3 hours
- Fixed: IPsec: Some fields are cleared when Cipher configuration dialog is closed
- Fixed: P2P suspicious connection detection
- Fixed: Prevent consuming license usage when there is spoofing IPv6 connection
- Fixed: Show details while joining AD fails because of time skew
- Fixed: Technical support button on dashboard redirects to GFI support now
- Fixed: Tunnel reset when cipher config dialog is closed
- Fixed: User right column sort by rendered value
- Fixed: SafeSearch blocking Google Cloud Messaging
New in Kerio Control 9.2.6 Build 2720 (May 16, 2018)
- Added support for Encrypting personal/sensitive data stored on the disk
- Fixed: Crash in some occasions due to empty HTTP header name
New in Kerio Control 9.2.5 Build 2587 (Apr 4, 2018)
- Fixed: NTLM Authentication issue
- Fixed: 2 Step Authentication issue
- Fixed: Recompilation of WIFI driver with different flags for more compatibility
New in Kerio Control 9.2.5 Build 2570 (Mar 29, 2018)
- Fixed: Crash every hour when sending email for invalid user after antivirus scanning
New in Kerio Control 9.2.5 Build 2532 (Mar 22, 2018)
- Removal of PHP server-side scripting from Web Interface
- Upgrade of strongSwan 5.5.1
- Improved starting/stopping of VPN Client on Debian 8
- VPN Client now supports macOS High Sierra
- Fixed: Translation issues
- Fixed: User preferences automatic language set to detected language
- Fixed: Installation of VPN Client fails on Windows 7, 8
- Fixed: The WiFi driver has been updated for better compatibility and stability
- Fixed: Dashboard Traffic Chart Tile does not show relevant units
- Fixed: Changing description for multiple users changes only those who have separate configuration
- Fixed: Empty exclusions for connection limit corrupts config
- Fixed: View Guest users in Kerio Control Statistics opens stats of "Not logged in" user
- Fixed: WebAdmin error during configuration import
- Fixed: Install CA screenshots are from old FireFox
- Fixed: Menu bar icon not optimized for Mac with retina
- Fixed: Remote Services: Data are not reloaded when changes are discarded on screen reload
- Fixed: Bandwidth management traffic dialog: wrong info text
- Fixed: Crash in ThreadCpuTime, when gdata.start_error = 1
- Fixed: assert in DhcpLeaseTab::save()
- Fixed: W10 Edge cannot login and access web interface if IPv6 is enabled
- Fixed: missing limiter of AV check failed alert
- Fixed: Russian Business Network blacklist is missing in IPS update
- Fixed: Remove unsecure DES-CBC3-SHA from cipherlist
- Fixed: Wi-Fi should be WiFi (legal requirement)
- Fixed: Kerio VPN tunnels are using local networks defined in IPsec section (as Remote networks)
- Fixed: Exported cfg. backup is corrupted
- Fixed: Sending notifications from Kerio Control - InCorrect Format of notification
- Fixed: On Groups page, "Rights" column is not sorted in correct order
New in Kerio Control 9.2.3 Build 2219 (Aug 22, 2017)
- OpenSSL upgraded from 1.0.1u to 1.0.2j
- Updated country list used in SSL Certificate definition
- Fixed: CPU lock due to winroute loop
New in Kerio Control 9.2.2 Build 2172 (Mar 23, 2017)
- Sophos Anti-Virus replaced with Kerio Antivirus which is based on the Bitdefender antivirus engine
- Fixed: Stability issue, Kerio Control was unresponsive
- Fixed: 0.0.0.0 was displayed instead of IP address of IPSec VPN client
- Fixed: HTTP cache could not be eraseed
- Fixed: Application detection didn't work with HTTP Header "Content-Type"
- Fixed: Invalid certificate was created by HTTPS filtering
New in Kerio Control 9.2.1 Build 674 Patch 2 (Jan 30, 2017)
- Kerio Control 9.2.1 brings you a signficant performance improvement in all Kerio Control’s security and inspection methods and filters. For example:
- Improved performance by 15-20% with update to 64-bit hardware.
- Large Segment Offoad (LSO).
- Optimizing performance with LSO:
- Kerio Control includes Large Segment Offoad (LSO), also referred to as Generic Segmentation Offoad (GSO). LSO allows the network interface controller to process the segmentation of a data transfer and causes significant performance improvements. However, these improvements are noticeable only during large data transfers, such as file downloads, or video streams.
- The throughput gain depends on the particular deployment. To give you an example, you can expect up to 400 Mbps on the Kerio Control NG100 hardware appliance
- Blocking incoming connections from specified countries:
- Kerio Control allows you to create a filter for incoming trafic based on countries (GeoIP). Kerio Control then blocks all IP addresses that belong to the selected countries.
- IPsec VPN tunnel configuration update:
- Kerio Control 9.2 adds a detailed configuration for IKE and ESP ciphers used in IPsec VPN tunnels.With this detailed configuration you can easily create IPsec VPN tunnels with third-party firewalls.
- Added support:
- Kerio Control supports 64-bit hardware.
- Hyper-V on Windows Server 2016
New in Kerio Control 9.0.1 Build 674 Patch 2 (Feb 22, 2016)
- Glibc library update addressing CVE-2015-7547
New in Kerio Control 9.0.1 Build 547 (Jan 19, 2016)
- Fixed: Connection using NAT hairpinning was not reliable
- Fixed: Kerio Control Administration: Incorrect traffic chart captions
- Fixed: Kerio Control Administration: It was not possible to import users from Active Directory
- IP Address Groups, URL Groups and Time Ranges can be shared to all appliances in MyKerio organization
- Extended set of protocols recognized on IPv6 in Bandwidth Management and Kerio Control Statistics
- Network configuration is now automatically determined after deployment in Software and Virtual Appliance
- The connection limit feature improved
- MyKerio username is now logged into config log
- Added PXE-boot DHCP option
- Fixed: incorect remote IP address was displayed in IPsec tunnel details
New in Kerio Control 8.6.2 Build 3847 (Oct 13, 2015)
- IPv6 improvements:
- Kerio Control supports the IPv6 prefix delegation. If your ISP assigns an IPv6 prefix, Kerio Control can become a DHCPv6 client.
- Also Kerio Control includes IPv6 routing table and IPv6 Router Advertisements are fully automatic in this version.
- Control and Support for IPv6 protocol:
- Preventing denial of service:
- The configuration against denial of service has been redesigned. From now on, you can set different limits for one peer, multiple peers, and new connections per minute.
- You can also set an exception for any host:
- Read more in our knowledge base Setting hosts connection limits.
- Other improvements:
- Traffic Rules, Content Filter, Bandwidth Management have been redesigned for better usability.
- All graphics have been optimized for Retina displays.
- The System tile in dashboard warns you if time differs between Kerio Control and your browser.
- Certificates are signed by SHA-256, certificate details now show an SHA-256 fingerprint.
New in Kerio Control 8.6.1 Build 3803-p1 (Sep 5, 2015)
- Fixed: Stability issue in HTTPS filtering
New in Kerio Control 8.6.1 Build 3787 (Sep 2, 2015)
- Added support for Microsoft Edge
- Kerio VPN Client now detects unsupported SSL protocol version
- Improved compatibility with 3rd party IPSec implementations
- Fixed: several minor bugs
New in Kerio Control 8.6.0 Build 3693 Patch 1 (Jun 25, 2015)
- Fixed: TCP connections had 10 seconds timeout until first data packet from server
New in Kerio Control 8.6.0 Build 3673 (Jun 23, 2015)
- Kerio Control can be managed by the MyKerio service
- Email alerts and reports can now be delivered using the MyKerio service
- The connection limit feature redesigned
- The IPv6 prefix delegation: Prefix routed by ISP is now automatically determined by a DHCPv6 client
- Added automatic mode of IPv6 Router Advertisements
- Kerio Control Administration: the IPv6 routing table added
- Native x64 Kerio VPN Client for Linux
- Certificates are signed by SHA-256, certificate details now show an SHA-256 fingerprint
- The System tile in dashboard warns if time differs between Kerio Control and a browser
- Kerio Control Administration: Condition editors (e.g. in Traffic, Content, Bandwidth rules) redesigned for better usability
- All graphics optimized for Retina displays
New in Kerio Control 8.5.3 Build 3469 (May 5, 2015)
- Fixed: Memory leak in IPsec VPN server
- Fixed: Incorrect character encoding in email alerts
- Fixed: Upload/download direction was incorrectly determined in Bandwidth Management inside VPN tunnel
- Fixed: It was not possible to detect remote endpoint fingerprint in Kerio VPN tunnel configuration
- Fixed: Certain traffic from VPN client was not blocked by 2-Step verification
New in Kerio Control 8.5.2 Build 3397 (Apr 14, 2015)
- OpenSSL library updated to version 1.0.1m, SSLv3 and less secure SSL ciphers were disabled
- VPN Client: Remove connection button is disabled when connection list is empty
- Fixed: VPN client opens browser window unexpectedly
- Fixed: Ethernet interface incorrectly kept IP address after cable was disconnected
- Fixed: User was not able to configure 2-Step verification remotely
- Fixed: User was redirected to http:/// after 2-Step verification configuration
New in Kerio Control 8.5.1 Build 3235 (Mar 10, 2015)
- Fixed: Hosts were not redirected to authentication page under some circumstances
- Fixed: Compatibility issue in Ethernet speed and duplex configuration
- Fixed: Stability issue in configuration import
New in Kerio Control 8.5.0 Build 3127 (Feb 17, 2015)
- Added 2-Step verification feature
- Kerio Control Administration: IP Address Groups editor was simplified
- Kerio Control Administration: Overlapping Traffic Rules are now detected
- Kerio Control Administration: It is now possible to select Bits per second or Bytes per second as speed units
- Guest network can use arbitrary DNS server
- Guest network can be selected as source in Content Filter rules and Bandwidth Management rules
- Added new email alerts for Traffic Rules, Content Filter, log message and several system events
- Added Service Discovery forwarding
- Optimized Bandwidth parameters in order to reduce latency
- Config log now contains also names and original values
- VPN Client for OS X installer rewritten to PackageMaker
- VPN Client: Added possibility to name and to delete saved connection
New in Kerio Control 8.4.3 Build 3108 (Jan 30, 2015)
- Fixed: glibc vulnerability CVE-2015-0235
New in Kerio Control 8.4.2 Build 2869 (Nov 27, 2014)
- Fixed: It was not possible to import configuration under some circumstances
- Fixed: NTLM was not performed automatically by browsers
- Fixed: Kerio Control Administration: it was not possible to edit URL group with more than 500 entries
- Fixed: VPN Client for OS X invalid driver signature
- Fixed: several minor issues in Kerio Control Statistics
New in Kerio Control 8.4.1 Build 2731 (Oct 24, 2014)
- OpenSSL library updated to version 1.0.1j addressing CVE-2014-3566 (POODLE)
- Frequent MAC address changes caused by NIC teaming are not logged into host log.
- VPN Client: Added support for OS X 10.10 Yosemite
- Added support for Safari 7.1 and 8 browser
- Fixed: Filename condition in Content Filter could break some websites
- Fixed: stability issue caused by IPv6 policy routing
- Fixed: several issues in HTTPS filtering
New in Kerio Control 8.4.0 Build 2650 (Oct 14, 2014)
- Added RADIUS server for user authentication and WPA2 Enterprise WiFi security
- Added HTTPS filtering feature
- Added Guest interface group
- Traffic rules now works also for IPv6 traffic
- Statistics web interface is now responsive for optimal viewing experience on mobile devices
- VLAN are now imported from configuration backup
- Added support for WebSockets using HTTP Upgrade header
- Interface and system statistics charts are persistent across restarts
- Hostname condition now uses internal DNS cache and match also subdomains
- Added ability to specify syslog port, facility and application
- It is possible to view built-in certificates and import certificates without private key
- Fixed: IPsec tunnel re-authentication with Cisco ASA
- Improved Reverse HTTP proxy compatibility with HTTP Location header redirects
- Improved FTP bounce attack protection
- Passwords are now always stored in MS-CHAP v2 compatible format for Local users
New in Kerio Control 8.3.4 Build 2461 (Aug 26, 2014)
- Fixed: fragmented packets were incorrectly routed
New in Kerio Control 8.3.3 Build 2342 (Jul 23, 2014)
- Fixed: stability issue in HTTP proxy
- improved DNS timeout detection in Kerio Control Web Filter
- additional WebDAV methods were allowed in HTTP proxy
New in Kerio Control 8.3.2 (Jul 23, 2014)
- Fixed: packets was sometimes incorrectly dropped by MAC lter due to empty MAC address
- Fixed: OpenSSL vulnerability CVE-2014-0224
- Fixed: SQL injection vulnerability in Kerio Control Statistics
- Authentication on HTTP connection is now not required inside VPN tunnel
- Supported operating systems and hypervisors updated to recent versions
New in Kerio Control 8.3.1 Build 2108 (Jun 7, 2014)
- Logo and page title on web interface is now customizable
- Fixed: incorrect MAC address was assigned to host on DNAT connection
- Fixed: Statistics database could be corrupted by non-UTF8 characters
- Fixed: Packets from firewall are now correctly logged in filter log in case of NAT
- Fixed: IPS false positives on SMTP connections
- Fixed: Kerio Control Administration: It is now possible to add VLAN in Google Chrome
- Fixed: Kerio Control Administration: Incorrect row was focussed after Reset on different screens
New in Kerio Control 8.3.0 Build 1988 (Apr 24, 2014)
- Reverse proxy
- Trac rules: new wizard for creating trac rules
- Trac rules: text search
- Trac rules: test rules
- Trac rules: row hiding
- Trac rules: last Used column
- Trac rules: added more colors
- You can create a group of services
- Bandwidth management rules can be now applied to VPN tunnel trac before
- encryption
- Dynamic DNS client now can detect public IP address
- Automatic login now doesn’t work for users disabled in a directory service
- MAC address can now be used for automatic user login
- Active hosts now shows MAC address
- MAC Filter can now automatically permit MAC addresses used in DHCP reservations
- and automatic user login
- New Host log introduced
- Added support for FTP in automatic conguration backup
- Manually assigned IP addresses within DHCP scope can now be blocked
- DHCP reservation and automatic user login can be created from context menu on
- Active Hosts screen
- Fixed: DNS forwarder now forwards DKIM queries
- Linux kernel upgraded to version 3.12
- Fixed: OpenSSL vulnerability CVE-2014-0160
New in Kerio Control 8.2.2 Build 1684 (Feb 4, 2014)
- Fixed: possible deadlock in Content Filter
New in Kerio Control 8.2.2 Build 1619 (Jan 14, 2014)
- Pre-windows 2000 account name is now used if user have secondary UPN sux in
- Active Directory
- Fixed: Stability issue in User database
- Fixed: Forbidden words was always disabled after reboot
- Fixed: Kerio Control Administration: Several minor stability issues
New in Kerio Control 8.2.1 Build 1461 (Dec 5, 2013)
- Content Filter: File name is now detected also in URL
- Kerio VPN Client: Driver is not installed to /System/Library/Extensions on OS X 10.9 Mavericks
- Fixed: Content rule URL condition "*" incorrectly matches non-HTTP connections
- Fixed: Stability isuue in HTTP protocol inspector
- Fixed: HTTP cache TTL was not computed correctly
- Fixed: Kerio Control Administration: several stability issues
New in Kerio Control 8.2.0 Build 1334 (Nov 19, 2013)
- Content Filter feature replaces HTTP and FTP policy
- Added L2TP interface type
- PAE was enabled in Linux kernel, more than 4GB of RAM are now detected
- IPv6 support was added to HTTP protocol inspection
- Space occupied by HTTP cache is now reported in storage space management
- Enabled workaround for poor performance of particular TCP connections in VMWare
- vmxnet driver
- Backup DNS servers are now detected in Active Directory domain
- HTTP proxy server now supports method OPTIONS
- Kerio Control Administration: definitions can be edited directly from the policy
- screens
- Kerio Control Administration: unsupported Ethernet port speed / duplex is now reported
- Kerio Control Administration: particular screen can be opened by URL bookmark
- Fixed: Kerio Control Administration: Properties of user named "admin" from Active
- Directory are now editable
- Added support for Internet Explorer 11 and Safari 7 browsers
New in Kerio Control 8.1.1 Build 1212 (Oct 10, 2013)
- Fixed: It was impossible to add user to rule if AD contains thousands of objects
- Fixed: Samepage.io backup API update
New in Kerio Control 8.1.1 Build 928 (Jul 23, 2013)
- Added support for multiple organizations in Samepage.io backup
- Fixed: Dynamic DNS hostnames used in policies was not repeatedly resolved
- Fixed: IP mask could be incorrectly configured in case of multiple IP addresses on interface
- Fixed: FTP connection was closed with a 10 seconds delay
New in Kerio Control 8.1.0 Build 845 (Jun 25, 2013)
- Added ability to backup configuration to Samepage.io automatically
- Added support for monitoring with SNMP
- Kerio Control Administration: Added IP Tools - Ping, Traceroute, DNS Lookup, Whois
- Added login guessing protection
- Added support for regular expressions in URL
- Added failover for VPN tunnel
- Kerio Control Administration: Added Packet Dump management
- Appliance Edition: Added support for the most common RAID controllers
- Removed limit of 2048 MB in HTTP cache size
- Kerio Control Administration: Added ability to navigate by letter keys in lists of items
- Kerio Control Administration: Definitions: Added filtering and improved paging
- Kerio Control Administration: Added tooltips with values in MB or GB instead of kB in User Statistics and Traffic Charts
- Kerio Control Administration: MAC address related to a DHCP lease can be searched in multiple scopes
- Kerio Control Administration: Added possibility to delete declined DHCP leases
- Kerio Control Administration: Added ability to view, delete, download rotated log files
- Added possibility to edit Local networks for IPsec tunnels
- Added support for chunked transfer encoding in HTTP POST
- Kerio Control statistics: improved recognition of major social networks and multimedia sites
- Kerio Control Administration: Improved status reporting of VPN tunnels
- Fixed: Local transparent proxy didn't work for IPsec tunnel
- Kerio Control Administration: Fixed: it was not possible to enter 255.255.255.255 into mask field
- Fixed: Passive IPsec tunnel was not reconnected after its configuration was changed
- Fixed: SIP calls didn't work when primary line went back online in failover scenario
- Fixed: Incorrect interface names was logged in filter log
- Fixed: MS-CHAP v2 password hash was incorrectly computed for users in local database
- Dropped support for Parallels hypervisor
New in Kerio Control 8.0.1 Build 609 (Apr 2, 2013)
- Kerio Control Administration: password inputs behavior unified
- Local ID of IPsec tunnel is now editable
- Fixed: IPsec clients was disconnected after 3 hours
- Fixed: HTTP header "Referer" was incorrectly removed under specific circumstances
- Fixed: It was not possible to establish IPsec tunnel with more than 5 authorities in certificate store
- Fixed: Remote ID of IPsec tunnel was incorrectly determined if the certificate was not in certificate store
- Fixed: "Unable to check whether the VPN server's security certificate has or has not been revoked" warning was incorrectly displayed.
New in Kerio Control 8.0.0 Build 551 (Mar 13, 2013)
- IPsec PSK can now contain special characters
- SSL key size increased to 2048b
- Fixed: Week User and Trac statistics were lost during restart
- Fixed: IPsec tunnel works after endpoint is renamed
- Fixed: IPsec tunnel now reconnects after PPPoE line failure
New in Kerio Control 8.0.0 RC 1 (Mar 13, 2013)
- Routing between IPsec tunnels is now congured automatically
- Administration and web interface is now available on port 80 (HTTP) and 443 (HTTPS)
- Passwords can be stored in MS-CHAP v2 compatible format in local user database
- Fixed: TCP RST packet was not allowed during 3-way handshake
- Fixed: Stability issue in HTTP keywords ltering
- Fixed: ICMP packet replay protection
- Fixed: HTTPS URL ltering now blocks reused sessions
- Fixed: HTTP cache had negative impact on throughput
New in Kerio Control 8.0.0 Beta 1 (Mar 13, 2013)
- Added IPsec VPN server
- Added IPsec VPN tunnel support
- Added certicate store for easier certicate management
- Added support for IPv6-only servers to non-transparent HTTP proxy
- SSL and TLS encryption can now be used in communication with SMTP relay
- WebFilter now lter HTTPS trac over HTTP proxy
- Kerio Control Administration: Load time of dashboard was reduced
- Kerio Control Administration: Firefox and Chrome browsers on Android mobile devices are now supported
- Dropped support for all Windows platforms
- Build-in pluins for external antivirus removed
- Hardware Appliance: LAN switch interface without Ethernet link now keeps it’s IP address
- Original URL instead of le name is now matched against antivirus URL rules
- Kerio Control Administration: Application menu and automatic refresh was re-
- designed
- Fixed: Control now honor TTL values in DNS
- Fixed: Dropped incoming packets are now accounted in Bandwidth management
- Fixed: Statistics contained "Unknown" user
- Fixed: BOOTP message now contains IP address of DHCP server
- Fixed: DHCP server assigns wrong addresses in case of multiple subnets on one interface
- Fixed: HTTP cache didn’t re-validate document if HTTP header "max-age=0" was present
- Fixed: Kerio Control Administration: System uptime was shown as NaN:NaN:NaN
New in Kerio Control 7.4.1 Build 5051 (Dec 5, 2012)
- Hyper-V server 2012 support added
- Internet Explorer 10 support added
- Hostname specified on Web Interface configuration screen is now used in alerts and email reports
- Appliance Edition: Gratuitous ARP is send for each bound IP address
- Improved HTTPS filtering effectiveness
- Fixed: Appliance Edition: Time is not synchronized with NTP server
- Fixed: Specific connections cannot be established using RAS (PPP) interfaces on Windows 7 / 2008R2 platform
- Fixed: Stability issue in configuration export
- Fixed: Groups mapped from Active Directory with a special characters in their name doesn't contain users
- Fixed: Stability issue in URL filter
- Fixed: Anti-spoofing feature blocks reception of firewall's own broadcasts and multicasts
- Fixed: Email reports may contain no data
- Fixed: Kerio Control Administration: Cannot edit reservation in DHCP manual mode
- Fixed: Kerio Control Administration: It is possible to add/move IP group from opened page only
New in Kerio Control 7.4.0 Build 5027 (Nov 12, 2012)
- Fixed: connections to VPN server on PPP interface cannot be established
New in Kerio Control 7.4.0 Build 4986 (Nov 12, 2012)
- HTTPS traffic filtering
- Added support for Microsoft Hyper-V including pre-built virtual appliance image
- Statistics for groups
- Users can now view their own statistics
- Added possibility to send user statistics as a regular email report
- User photos in statistics
- Kerio Control Administration dashboard
- Appliance Edition: Added support for 802.1Q VLAN interfaces
- User can now report incorrect Kerio Control Web Filter categorization directly from Denial Page
- Added possibility to allow inbound IPv6 connections from/to specified addresses
- New categories added to Kerio Control Web Filter
- Kerio Control Web Filter now categorizes URLs embedded inside original URLs (used for example by Google Translate)
- Appliance Edition: Added possibility to configure link speed and duplex for the links
- Appliance Edition: Added possibility to use gateway which does not match local subnet
- Added support for load balancing multiple PPPoE connections established to single ISP (to the same IP subnet)
- It is now possible to move DHCP reservation between scopes
- External antivirus support removed. Previously configured external antivirus remains set but it is not possible to configure new external antivirus.
- Significantly improved performance when configuring large number of IP addresses on an interface
- Deny pages redesigned
- Administrator is warned when leaving Kerio Control Administration while edit dialog is open in order to prevent data loss
- Kerio Control Administration: Graphs design improved
- Kerio Control now uses multiple NTP servers in order to increase time synchronization reliability
- When duplicating a rule in the list, the new rule is now always created below the original rule
- Improved NTLM compatibility - now NTLM should work out of the box in most scenarios
- It is now possible to test SMTP relay before applying it's configuration
- Kerio Control Administration: Less often used buttons merged to 'More actions' button to save space
- Turning antivirus scanning off on SMTP connections now can resolve greylisting incompatibility issues
- Added the possibility to continue using backup internet line in failover mode
- Increased timeout for SIP connections
- Improved performance of user authentication on proxy server
- Extended configuration options of HTTP cache
- Number of users and connected devices is now visible on dashboard
- Fixed: SSH session established through the firewall could timeout
- Fixed: Kerio Control Web Filter failed to categorize extremely long URLs
- Fixed: DNS forwarder failed to forward queries for names longer than 128 bytes.
- Kerio Control Administration: several minor improvements, increased stability
- Fixed: Appliance Edition: When joining domain A record for firewall host was not added on domain's DNS server. Client computers were not able to access the firewall when using domain's DNS server.
- Fixed: VPN Server IP address was not displayed on the Interfaces screen
- Fixed: It was not possible to create VPN tunnel with custom routes only
- Fixed: If automatic login IP address configured for first user was later configured for another user, it was deleted for the first user without any warning.
- Fixed: IPv6 connection timeout was not correctly changed after FIN or RST was received
- Fixed: Appliance Edition: IP address and routes were not removed from interface on cable disconnect
- Fixed: BOOTP server sometimes failed to configure TFTP server (causing PXE boot to fail under certain circumstances)
- Fixed: Traffic charts for rules involving time intervals did not work properly
- Fixed: Moving system date/time forward disconnected Kerio Control Administration
- Fixed: Kerio Control installation failed if profile folder was on other than system partition
- Fixed: Antivirus now works in trial mode
- Fixed: Wrong policy routing applied after change of routing table
- Fixed: Persistent VPN on Mac OS X 10.8 Mountain Lion
- Fixed: NAT was not applied correctly on SIP connections
New in Kerio Control 7.3.2 Build 4445 (Jun 13, 2012)
- Integrated web server PHP hardened
- Maximum number of IPv4 addresses per interface increased
- Updated list of supported VMWare hypervisors
- VPN Client: updated list of supported linux distributions
- Fixed: It was not possible to edit Traffic, HTTP or FTP rules after upgrade from Kerio WinRoute Firewall 6 if some of the original rules was unnamed
- Fixed: Kerio VPN Client service was not properly started after Kerio VPN Client upgrade - machine reboot was required
- Fixed: Potential crash in NTLM authentication
- Fixed: Potential crash in Dynamic DNS client
New in Kerio Control 7.3.1 (Jun 13, 2012)
- VPN Client can now use VPN as a default route (based on VPN Server configuration, both VPN Client and VPN Server must run version 7.3.1 or newer)
- Computer connected through Kerio VPN now prefers DNS server accessible through the VPN instead of the local one
- Appliance Edition: Ethernet cable status change is detected
- Appliance Edition can now be installed using USB installation disk
- IPv6 connection logging can now be enabled/disabled in Security Settings
- Fixed: Routing problems with VPN (both clients and tunnels) when multiple Internet connections are used
- Fixed: Connection going through NAT could be dropped under certain circumstances
- Fixed: Configuring autologin from Firewall for one user can lead to autologin configuration reset for another user (if Address Group was used)
- Fixed: Fixed: Administration Console: some DHCP options (option 21, option 33) were not saved
- Fixed: Dial-up/Hang-up RAS scripts were not executed
- Fixed: Policy routing did not work for Firewall host
- Fixed: IGMP multicasts were dropped and reported as Malformed packets
- Fixed: Bandwidth Management default rule matched IPv6 traffic
- Fixed: Several minor design issues in StaR email reports
- Fixed: Kerio Control Administration: custom route description was mandatory
- Fixed: Support incident cannot be opened for registered trial
- Fixed: Kerio Control Administration: auto refresh did not work in Active Hosts -> Connections
- Fixed: Administration Console: several minor bugs
New in Kerio Control 7.3.0 Build 3861 (Mar 1, 2012)
- StaR email reports
- Basic IPv6 support
- Daily IPS Blacklists updates
- Speed and stability of Kerio Control Administration has been improved with smart caching of data and resources
- Possibility to Suggest Idea to Kerio from the product
- Voluntary usage statistics gathering
- Appliance Edition: Improved hardware support
- Appliance Edition: Added possibility to manually specify DNS and gateway for DHCP configured interfaces
- Web Filter categories can be reviewed in list of URL Rules in Kerio Control Administration
- Yandex added to list of search engines (StaR and HTTP policy)
- CIDR notation can be used to specify network mask in Kerio Control Administration
- Kerio Control Administration suggests optimum values for some items, e.g. network masks
- Comma and space are converted to a delimiter while entered in field for IP address or mask in Kerio Control Administration
- Appliance Edition: PPPoE interface is hung up and redialed when administrator changes interface MTU
- Kerio Control Administration displays warning if Kerio Control runs on a computer with RAM size not meeting system requirements
- Connection log used to display DNS names if available IP addresses otherwise. Now the IP address is always displayed (together with the DNS name)
- Kerio Web Filter server address changed
- HTTP keywords filtering performance significantly improved
- Fixed: Appliance Edition: StaR database engine could crash
- Fixed: Several minor bugs in Microsoft Active Directory integration
- Fixed: Link Load Balancing can cause long HTTP session to expire
- Fixed: Antivirus scanning rules ignores URLs which begin with 'ftp://'
- Fixed: Server defined as IP:port was not handled properly in HTTP policy
- Fixed: Unable to login to Kerio Control Administration when primary domain is inaccessible and user account "Admin" is missing in local user database
- Fixed: Unable to start Web administration from Kerio Control Monitor on Windows x64 platforms under certain circumstances
- Fixed: User name containing special characters is not displayed correctly in StaR
- Fixed: Deleted files are kept in the list of files until screen is refreshed in Clientless SSL-VPN
- Fixed: Direct SIP calls between two clients in Local network are reported as SIP VoIP in StaR
- Fixed: VPN Client: It was not possible to connect to VPN server defined by name with an underscore
- Fixed: Uninstallation could leave some files (upgrade backups) on disk
- Fixed: Error "(99) Socket error: Unable to bind socket for service" sometimes logged on firewall startup
- Fixed: Appliance Edition: Admin account remained disabled when importing configuration from Windows with disabled Admin account
- Fixed: Appliance Edition: Restart after configuration import sometimes freezed the appliance
- Fixed: Appliance Edition: Low free space alert was not sent for depleted temporary storage
- Fixed: Windows Firewall was not sometimes correctly stopped on Kerio Control engine startup
- Fixed: HTTP Protocol Inspector unnecessarily closed keepalive connection after HTTP 304 response had been received
- FTP over HTTP proxy: improved upload speed on high speed lines with high latency
- Improved error handling in configuration export/import
- Appliance Edition: Improved stability of KRB5 authentication
- Serial port removed from Parallels Virtual Appliance
New in Kerio Control 6.7.1 Patch 2 Build 6544 (Apr 28, 2010)
- Software Appliance: Fixed: IP fragmentation now works correctly
- Fixed: Random crash in login to Administration web interface
- Fixed: Long URLs are now categorized by Kerio Web Filter
- Timezone database was updated
- Software Appliance: support for more network cards and hard drives was added
- Fixed: NTLM authentication works if user name contains national characters
New in Kerio Control 6.7.1 (Apr 28, 2010)
- Software Appliance / VMware Virtual Appliance Edition
- Active Directory Domain Integration
- Support for Microsoft Windows 7
- Workaround added for devices with broken PPTP support
New in Kerio Control 6.7.0 (Apr 28, 2010)
- Web Administration (https://:4081/admin)
- Configuration Export/Import
- ISS OrangeWeb Filter replaced by Kerio Web Filter
- Microsoft Windows 7 preliminary support
New in Kerio Control 6.6.0 (Apr 28, 2010)
- VPN client for Windows runs as a service (it is possible to have VPN established before login to Windows)
- VPN server propagates WINS servers and DNS domain suffix to VPN client
- VPN client now uses primary IP address on VPN adapter (improved Network Neighborhood browsing)
- Added support for Eset NOD32 Antivirus 3.0/4.0
- Fixed CPU load peak every 3 seconds caused by DHCP renew on VPN adapter
- The Kerio VPN Client does not allow multiple concurrent VPN connections.
- The extended and the basic mode of the Kerio VPN Client have been merged.
New in Kerio Control 6.5.2 (Apr 28, 2010)
- fixed memory leak in DNS forwarder
- fixed 100% CPU bug when emailing alerts
- fixed possible crash in LDAP (this fix supposed to be in 6.5.1 but wasn't)
- fixed web interface login page did not show in Internet Explorer 5
New in Kerio Control 6.5.1 Build 5000 (Oct 23, 2008)
- fixed possible crash in LDAP
- fixed incompatibility with VPN configured in Routing and Remote Access
- fixed possible deadlock in DNS resolver
- fixed compatibility/performance issues in UPnP
- fixed compatibility issues with Microsoft Virtual Machine
- fixed incorrect handling of static routes on interfaces in Internet group
New in Kerio Control 6.4.0 Build 3176 (Sep 17, 2007)
- User activity logs in StaR
- Printer ready version of StaR
- Improved overall throughput performance
- NAT was made more traversal friendly for VoIP applications
- Added support for popular dynamic DNS services
- Added URL based web exclusions from StaR
- Added support for weekly quotas
- Added possibility to select users' preferred language
New in Kerio Control 6.3.0-2397 Beta (Jan 20, 2007)
- Added support for Internet Explorer 7 to Kerio Clientless SSL-VPN