Protector 24-5-release-notes


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Protector 24-5-release-notes

  1. 1.       SecPoint®  Protector  24.5  Firmware  Release   January  2014                 ProtectorTM Unified threat management  
  2. 2.   Protector  24.5  Firmware  release     Protector  24.5  January  2014         -­‐ Traffic  Shaper     This   function   is   available   through   the   new   menu   item   “Traffic   Shaper”.  It  allows  to  shape  the  outbound  traffic  depending  on   your   needs.   You   can   choose   to   give   some   computers   in   your   LAN   or   some   type   of   traffic   a   higher   priority   and   a   minimum   guaranteed   bandwidth,   slowing   down   low-­‐priority   traffic   (e.g.   web   surfing)   when   the   need   for   bandwidth   from   critical  services  (e.g.  Mail)  is  higher.     On   a   Protector   connected   in   bridge   mode,   traffic   can   be   shaped   independently   on   each   network  card.   To  define  a  traffic  shaping  on  a  network  card,  you  should  first  enter  the  max.  bandwidth   available  on  that  card,  then  you  can  start  defining  traffic  Classes.  To  each  Traffic  Class  it’s   possible  to  associate  a  type  of  traffic  (by  IP,  port,  protocol)  and  a  minimum  bandwidth.  You   can  also  choose  to  let  the  class  borrow  some  bandwidth  from  other  classes  when  they  are   not   using   theirs.   To   do   this,   use   the   slider   on   the   line   of   the   Class.   A   class   can   borrow   bandwidth  up  to  the  whole  bandwidth  available  on  the  network  card.   Copyright  ©  1999-­‐2014                                                                                                                                                                                                              SecPoint®        Page  2  of  7  
  3. 3.   Protector  24.5  Firmware  release     To   select   the   minimum   bandwidth   for   each   class,   use   the   “Minimum   Rate”   slider.   Here   the   blue   line   represents   the   whole   bandwidth,   and   to   change   the   minimum   rate   assigned   to   each  class,  you  can  simply  move  each  slider  to  the  right  or  left.     When   you   create   the   first   class,   the   Protector   will   automatically   create   a   default   class,   which  is  designed  to  collect  all  unshaped  traffic.  A  default  class  must  always  exist,  and  since   it  is  a  “catch-­‐all”  class,  no  filters  can  be  created  on  it.   In  the  Edit  window,  that  appears  when  you  create  or  edit  an  existing  class,  you  can  select   the  type  of  filter,  the  direction  and  a  priority.     The  direction   defines  whether  the  filter  will  be  active  on  traffic  coming  from  that  IP/port  or   going   to   it.   In   the   example   above,   the   direction   is   “Destination”,   which   means   that   the   selected  CIDR  is  the  LAN.   The   priority   defines   in   which   order   classes   will   be   served.   This   is   useful   when,   for   example,   there  is  an  IP  overlapping  between  two  or  more  classes.     In  any  case  it  is  important  to  remember  that  traffic  shaping  is  possible  on  outgoing  traffic     only.         -­‐   Web  Filter  Control  Panel   To   simplify   the   Web   Filter   management,   we   have   added   a   Control  panel  at  the  bottom  of  the   Setup   page.   This   will   give   an   Copyright  ©  1999-­‐2014                                                                                                                                                                                                              SecPoint®        Page  3  of  7  
  4. 4.   Protector  24.5  Firmware  release     immediate  overview  of  the  status  of  the  Web  Filter  and  allows  to  start/stop  it.   When   a   change   is   made   to   any   parameter,   the   Web   Filter,   if   already   active,   will   automatically   be   restarted   with   the   new  settings,  showing  its  status  in  the   Control  Panel,  as  in  this  image.   Furthermore,   we   have   improved   the   information   on   how   to   connect   to   a   LDAP   server,   such   as   a   Microsoft   Active   Directory,   to   populate   your   Web  Filter  groups  automatically  and  enable  proxy  authentication.  Just  click  on  the  “LDAP   Information”  link  in  this  page  and  follow  the   instructions.         -­‐   Exchange  Server  support   In   the   Domain   User   Management,   that   you   can   find   in   this   menu,  you  can  specify   the   list   of   users   entitled   to   receive   emails.   You   can   also   fetch  users  from  your   LDAP   server.   We   have   increased   the   LDAP   compatibility   in   order   to   support   Microsoft   Exchange  Server,  besides  previously  supported  servers  like  Microsoft  Active  Directory  and   OpenLDAP.   In   this   page   you   can   read   all   information   about   LDAP   support   by   clicking   on   the   link   shown   here.  In  the  Active  Directory  Connection  page,  available  through  this  link  and  through  the   SMTP   menu   (see   picture   above),   you   can   read   more   instructions   on   how   to   setup   LDAP  parameters  to  connect  to   an  Exchange  Server  or  to  an  Active  Directory  Server.   Copyright  ©  1999-­‐2014                                                                                                                                                                                                              SecPoint®        Page  4  of  7  
  5. 5.   Protector  24.5  Firmware  release     -­‐   RBL  Check   You   can   select   Reputation   Block   Lists   in   the   Anti   Spam   menu.   In   this   page,   you   can   select   pre-­‐defined   levels   or   go   to   the   Advanced   Settings   page,   which   allows   to   activate   specific  RBL  lists  to  be  chosen  in   a  set  of  pre-­‐defined  official  lists.     When  the  protector  receives  an   email,   it   will   connect   to   each   RBL  server,  but  if  for  any  reason   this   connection   is   slow   or   cannot   be   established,   every   mail   check   will   take   a   long   time,     with   the   consequence   to   easily   increase   the   length   of   the   incoming   mail   queue   and   the   delay   time   before   each   email   is   delivered.   To   avoid   this,   whenever   an   RBL   server   is   added   or   removed   from   the   list,   the   Protector   will   try   to   connect   to   each   server   and   will   show   the   following   text   when   the   connection  is  successful.   Upon   an   unsuccessful   test,   you   should   review   your   network   settings   by   changing   the   primary  and/or  secondary  DNS.  If  this  is  not  possible,  the  RBL  feature  should  be  disabled.       -­‐   Spam  Learn   A   new   feature   allows   to   automatically   add   a   sender’s   email   address   or   domain   to   the   blacklist  or  whitelist  when  a  mail  is  marked  as  spam  /  non-­‐spam.  If  you  go  to  the  Anti-­‐spam   menu   and   edit   the   mail,   you   will   see   a   new   list   of   actions,   as   in   the   picture   below,   from   where  you  can  select  the  action  that  most  fits  your  needs.   Copyright  ©  1999-­‐2014                                                                                                                                                                                                              SecPoint®        Page  5  of  7  
  6. 6.   Protector  24.5  Firmware  release     And…     Spam   max   size:   New   option   to   set   the   maximum   size   of   an   email   above   which   it   will   be   always  treated  as  not  spam   Domain   User   Management:   When   users   are   added   to   this   list,   the   mail   servers   are   automatically  whitelisted     Antivirus:  when  a  new  license  is  loaded,  the  antivirus  is  automatically  enabled   SMTP   checks:  If  there  are  no  mail  settings,  SMTP  checks  are  disabled,  to  avoid  an  improper   Not  Good  status.  SMTP  checks  have  been  tuned,  when  a  smart-­‐host  /  smart-­‐port  relay  have   been  set,  to  avoid  an  improper  Not  Good  status.   Internet   Explorer:  Improved  compatibility  with  IE,  especially  for  the  unit  initialization,  the   module  start/stop  on  the  home  page,  and  the  appearance.   Web   Filter   Categories:  When  the  list  of  categories  is  updated,  once  a  week,  the  category   names   are   updated   as   well,   to   avoid   to   see   N/A   as   category   name   when   a   web   page   is   blocked.   Spam  Filter  Rules:  New  FuzzyOcr  parameter  added  to  the  web  interface,  so  that  it  can  be   disabled  when  needed,  to  allow  disabling  spam  checks  based  on  image  content   Hard   Block   Listing:   It   is   possible   to   enter   CIDRs,   to   simplify   the   hard   block   of   an   entire   subnet   SMTP  Authorization:  The  password  is  no  longer  displayed  in  clear  text     Menu   Organization:   The   Network   menu   has   been   moved   under   System;   Reboot   and   shutdown   have   been   unified   to   the   same   page;   Better   description   of   some   menu   items   (LDAP,  MCP  etc.)   Videos:  New  link  to  the  latest  available  firmware  video,  new  link  to  all  SecPoint's  videos  on   Youtube,  new  button  to  remove  the  link  to  the  current  firmware  video.  The  link  will  appear   again  when  a  new  video  is  available  or  at  next  firmware  update   Aspect:   Avoid   error   messages   be   displayed   in   the   Module   Control   Panel;   removed   the   white   line   at   the   bottom   of   the   login   image;   avoid   the   system   Messages   column   to   overlap   the   Module   Control   Panel   when   the   Alert   values   are   too   high;   new   grey   bottom   for   the   login  page;  error  messages  on  wrong  logins  displayed  in  the  page  itself  instead  of  a  blank   page;   menu   box   loaded   at   the   same   time   as   the   menu   content,   to   avoid   showing   an   empty   box  while  the  page  is  loading;  different  display  order  of  items  in  the  Module  Control  Panel,   based  on  their  importance   Copyright  ©  1999-­‐2014                                                                                                                                                                                                              SecPoint®        Page  6  of  7  
  7. 7.   Protector  24.5  Firmware  release       System   and   Performance:   New   restartable/failproof   downloader   to   download   firmware   and   dictionary   files;   new   script   to   check   for   the   web   server   to   run   correctly;   better   synchronization   of   modules   and   less   resource   consumption   in   the   Module   Control   Panel;   firmware   information   sent   to   the   default   SecPoint   server   even   if   the   update   server   has   been  changed;  factory  reset  does  not  reset  the  unit's  ID,  to  avoid  forcing  users  to  initialize   the  unit  again   Descriptions:   Better   explanation   of   the   difference   between   TLS   support   and   STARTTLS;   better  description  in  the  list  of  Database  Update  Frequency,  to  add  the  number  of  times  a   day   it's   launched;   LDAP   description   improved   in   Web   Filter   and   Mail,   to   inform   about   Microsoft  Active  Directory  and  Exchange  Server   Bugfix:   when   the   spam   language   is   different   from   default,   it   was   impossible   to   alter   the   signature  files     Copyright  ©  1999-­‐2014                                                                                                                                                                                                              SecPoint®        Page  7  of  7