Jump to content


Photo

END OF SUPPORT - Firmware Release 6.2.x HOTFIXES


  • This topic is locked This topic is locked
28 replies to this topic

#1 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 07 December 2015 - 10:48 AM

This topic is used to announce new hotfixes for firmware release 6.2.0 and future 6.2.x releases.
Please subscribe to this topic if you are interested in availability of new hotfixes for firmware release 6.0.x only.
If you are interested in general announcements of new firmware releases (e.g. 7.0.0) please subscribe to the following forum topic "Firmware Release Announcements" which can be found one level up.

Director, Product Management


#2 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 07 December 2015 - 10:50 AM

Hotfix 730: Dynamic Routing
 
Summary Improvements to multipath routing and minor dynamic routing features.
Publish Date Dec 7, 2015
Type Hotfix
 
Size 6.0 MB
 
Applies to
6.2.0 (NG Firewall and NG Control Center)
 
Components
OSPF/RIP/BGP (NG Firewall and NG Control Center)
 
Description
This hotfix includes the following improvements:
 
      * Multipath routes are now handled correctly.
      * Prefix Lists as a Route-map match condition are now handled correctly.
      * It is now possible to configure point-to-multipoint interface types.
      * It is now possible to configure default-originate for BGP.

Director, Product Management


#3 Tim Warr

Tim Warr
  • Members
  • 49 posts

Posted 14 December 2015 - 10:22 AM

Hotfix 734 - Client Application Tunnels
 
Summary Client Application Tunnels now work for RDP
Publication date Dec 14, 2015
Type Hotfix
 
Applies to
6.2.0 (NG Firewall and NG Control Center)
 
Components
VPN (NG Firewall and NG Control Center)
 
Description
This hotfix for the Barracuda NG Firewall addresses the following issue: Unable to launch a Client Application Tunnel ([client program] link)


#4 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 15 December 2015 - 09:57 AM

Hotfix 729: Cumulative Application Control Hotfix
 
Summary Improvements for various Application Control features.
Publication Date Dec 15, 2015
Type Hotfix
 
Size 32.8 MB
 
Applies to
6.2.0 (NG Firewall and NG Control Center)
 
Components
Forwarding Firewall (NG Firewall and NG Control Center)
Virus Scanner (NG Firewall and NG Control Center)
CC VPN (NG Firewall and NG Control Center)
VPN (NG Firewall and NG Control Center)
Host Firewall (NG Firewall and NG Control Center)
 
Properties
Might trigger a reboot.
 
Description
This hotfix includes the following improvements:
 
File Content Filtering:
  • File Content Filtering for file transfers sent with "Content-encoding: none" or "Transfer-encoding: none" now work as expected.
  • File Content Filtering for base64 encoded data using invalid characters is now handled correctly.
  • Removing small email attachments now works as expected.
 
Application Control:
  • Application rule evaluation based on risk, category, or property now works as expected for HTTPS when SSL Interception is not used.
  • Improved UltraSurf, SAP, and Citrix detection.
 
SSL Interception:
  • SSL handshakes now work as expected for HTTPS sites that do not allow TCP packets with a TCP window size of zero during the handshake.
Telemetry Data:
  • Telemetry data transfer now works as expected.

Director, Product Management


#5 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 17 December 2015 - 03:30 AM

Hotfix 735: DNS Vulnerability

 

Summary BIND update to fix security vulnerability.
Publication Date Dec 16, 2015
Type Hotfix
 
Size 3.9 MB
 
Applies to
6.2.0 (NG Firewall and NG Control Center)
 
Components
Caching DNS (NG Firewall and NG Control Center)
DNS Server (NG Firewall and NG Control Center)
 
Description
Updated BIND to version 9.9.8P2 to fix the following security vulnerability CVE-2015-8000.

Director, Product Management


#6 Tim Warr

Tim Warr
  • Members
  • 49 posts

Posted 25 February 2016 - 10:01 AM

Hotfix 752 - Realtek Network Interfaces
 
Summary Fix setting speed and duplex settings manually
Publication date Feb 25, 2016
Type Hotfix
 
Size 643.7 KB
 
Applies to
6.2.1 (NG Firewall and NG Control Center)
 
Description
This hotfix includes the following improvements:
Forcing network interfaces using 8169.ko module to manually set speed and duplex settings now works as expected.
The following hardware appliances use Realtek network interfaces: NextGen Firewall F10b, F100b, F101b, F200b, F201b, F200c, F201c, F300b, F301b
 
For changes to take effect go to CONTROL > Box and in the network menu click "Restart active network configuration".


#7 bad-wurzach

bad-wurzach
  • Members
  • 19 posts

Posted 28 February 2016 - 11:06 AM

Hi Tim,

is it possible that you writing a additional note if the box do a reboot after hotfix installation?!

 

Regards,

Daniel



#8 Christine Affenzeller

Christine Affenzeller
  • Members
  • 11 posts

Posted 15 March 2016 - 09:14 PM

why are there no more posts about the new hotfixes 753 and 759? we are in the middle of the night updating to 6.2.1 only to find out now that there is more important hotfixes. I relied on getting updates from this list...

 

It would also be good to know which hotfixes are included in the cumulative 759. its not listed in the download section.

 

 

 

Hello Christine,

 

we encountered technical issues with the community portal over the weekend. Sorry for any inconveniences.



#9 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 16 March 2016 - 02:26 AM

Hotfix 762 - HTTP Proxy

 

Summary Fix group ACL and reverse proxy issues
Publication date Mar 11, 2016
Type Hotfix
 
Applies to
6.2.1 (NG Firewall and NG Control Center)
 
Description
This hotfix includes the following improvements:
Using Partial Search in Group ACLs now works as expected. Workers for reverse proxy configurations no longer fail on startup.

Director, Product Management


#10 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 16 March 2016 - 02:32 AM

Hotfix 759 - Cumulative Firewall Hotfix
 
Summary Cumulative hotfix to address multiple issues. Please see the description for details.
Publication date Mar 15, 2016
Type Hotfix
 
Size 157.4 MB
 
Applies to
6.2.1 (NG Firewall and NG Control Center)
 
Properties
Might trigger a reboot.
 
Description
This hotfix includes the following improvements:
 
The firewall no longer freezes in rare cases and requires a manual reboot.
The firewall no longer blocks sessions because of exceeding session limits.
URL Filter response messages are now displayed correctly.
The Firewall Application Monitor now shows data as expected.
IPS in report only mode now triggers the correct log message.
Forwarding Firewall statistics now work as expected.
SMTPS sessions are no longer scanned for malware if globally disabled.
ATD now shows message recipients for scanned attachments.
IPsec tunnel stability improvements.
The IPv6 ruleset in the Forwarding Firewall now loads as expected.
Monitoring a network interface via acpfctrl now works as expected.
Sessions now sync correctly in a HA cluster between firewalls.

Director, Product Management


#11 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 24 March 2016 - 03:26 AM

Hotfix 771 - Wi-Fi Service
 
Summary Fixed support for multiple Wi-Fi services
Publication date Mar 24, 2016
Type Hotfix
 
Size 527.9 KB
 
Applies to
6.2.1 (NextGen Firewall F-Series)
 
Description
This hotfix includes the following improvements:
 
Configuring multiple Wi-Fi services on a firewall with a Wi-Fi interface now works as expected.

Director, Product Management


#12 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 24 March 2016 - 03:29 AM

Hotfix 765 - DNS Server
 
Summary Update BIND to fix several security vulnerabilities
Publication date Mar 23, 2016
Type Hotfix
 
Size 3.9 MB
 
CVEs
  • CVE-2016-1285
  • CVE-2016-1286
  • CVE-2016-2088
Applies to
6.2.1 (NextGen Firewall F-Series and Control Center)
 
Description
This hotfix includes the following improvements:
 
Updates BIND to version 9.9.8-p4 to fix the following security vulnerabilities: CVE-2016-1285, CVE-2016-1286, and CVE-2016-2088.

Director, Product Management


#13 Tim Warr

Tim Warr
  • Members
  • 49 posts

Posted 06 April 2016 - 06:32 AM

Hotfix 763 - SSL VPN
 
Summary Fixed connection not always successful for some web forwards
Publication date Apr 6, 2016
Type Hotfix
 
Size 38.2 MB
 
Applies to
6.2.1 (NextGen Firewall F-Series and Control Center)
 
Blocks package on NG Control Center  Hotfix 760 - SSL VPN
Blocks package on NG Firewall  Hotfix 760 - SSL VPN
Obsoletes package  Hotfix 760 - SSL VPN
 
Components
VPN (NextGen Firewall F-Series and Control Center)
 
Description
This hotfix contains the following improvements:
Launching an OWA web forward works as expected.
Launching a web forward that uses long query parameters works as expected


#14 Martin Weinecke

Martin Weinecke
  • Members
  • 8 posts

Posted 07 April 2016 - 04:16 AM

Hi

 

is it save

to install hotfix 763 "SSL VPN" (released Mar 10 2016 but postet April 6 2016)

when hotfix 765 "DNS Server" (released Mar 23 2016 and posted Mar 24 2016)

is already installed?

 

Regards

Martin



#15 Tim Warr

Tim Warr
  • Members
  • 49 posts

Posted 07 April 2016 - 04:33 AM

Hi Martin,

 

Thanks for checking. Yes it should be safe - they are both for different services anyway. Although we initially had hotfix 763 released earlier, we did not share it externally due to a prolonged beta phase with a couple of key customers to double check it. That said it is a bit confusing, so I will edit publication date to clarify it.

 

Thanks,

Tim 



#16 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 25 April 2016 - 02:03 AM

Hotfix 772 - Cumulative Hotfix

 

Summary Fix various Firewall, VPN, IPFIX, and Virus Scanning issues.
Publication date Apr 22, 2016
Type Hotfix
 
Size 161.6 MB
 
Applies to
6.2.1 (NextGen Firewall F-Series and Control Center)
Required by
Hotfix 775 - Secure Access Concentrator and Control Center
 
Blocks package on NG Control Center: Hotfix 759 - Firewall
Blocked by package on NG Control Center: Hotfix 775 - Secure Access Concentrator and Control Center
Blocks package on NG Firewall: Hotfix 759 - Firewall
Blocked by package on NG Firewall: Hotfix 775 - Secure Access Concentrator and Control Center
Obsoletes package: Hotfix 759 - Firewall
 
Components
  • Forwarding Firewall (NextGen Firewall F-Series and Control Center)
  • Virus Scanner (NextGen Firewall F-Series and Control Center)
  • CC VPN (NextGen Firewall F-Series and Control Center)
  • VPN (NextGen Firewall F-Series and Control Center)
  • Host Firewall (NextGen Firewall F-Series and Control Center)
 
Properties
Might trigger a reboot.
 
Description
This hotfix includes the following improvements:
 
Firewall
  • The firewall no longer freezes in rare cases and requires a manual reboot.
  • The firewall no longer blocks sessions because of exceeding session limits.
  • URL Filter response messages are now displayed correctly.
  • The Firewall Application Monitor now shows data as expected.
  • IPS in report only mode now triggers the correct log message.
  • Forwarding Firewall statistics now work as expected.
  • SMTPS sessions are no longer scanned for malware if globally disabled.
  • ATD now shows message recipients for scanned attachments.
  • IPsec tunnel stability improvements.
  • The IPv6 ruleset in the Forwarding Firewall now loads as expected.
  • Monitoring a network interface via acpfctrl now works as expected.
  • Sessions now sync correctly in a HA cluster between firewalls.
  • The firewall now reports intermediate reports with O(1) complexity instead of O(n*n).
  • The intermediate reports are not packed to fit the MTU in lo.
 
IPFIX
  • IPFIX: now supports uniflow/biflow templates and a new type without any barracuda fields.
  • IPFIX: now uses one allocation for the message and works with references to reduce page faults.
  • IPFIX: Data is now matched to the MTU when using udp to force the delivery of the message.
  • IPFIX complete different internal logic to reduce context switches.
 
Virus Scanner
  • Fixed a problem with Avira where after a fail close in zip files we were not clearing the results.
  • Improved ClamAV patterns and options.
  • Fixed possible DOS if one admin modified the queue database and manually inserted null.
  • Fixed possible SQL injection by the admin in the email field.
  • Improved options for SMTP display in NextGen Admin.
  • Fixed proxy management and setup when connecting to ATD servers.
  • Fixed a segfault in the HA sync.
  • Added support to scan HTTP and HTTPS connections using chunked transfer encoding. It is enabled by default and can be configured with the latest NG Admin (6.2.1-104) in Security Policy - Virus Scanner Configuration - Advanced - Stream Scanning Buffer.
  • Various SMTP and SMTPS scanning improvements.
 
VPN Service
  • Site-to-site VPN tunnels between Cisco ASA and F-Series Firewalls now work as expected when the F-Series Firewall is the active partner.
  • Fixes crash when using too small cipher keys for AES assembler implementation

Director, Product Management


#17 Tim Warr

Tim Warr
  • Members
  • 49 posts

Posted 26 April 2016 - 05:10 AM

Hotfix 775 - Secure Access Concentrator and Control Center
 
Summary Support for Secure Connector firmware 1.0.0 and 1.0.1
Publication date Apr 26, 2016
Type Hotfix
 
 
Size 21.9 MB
Applies to 6.2.1 (NextGen Firewall F-Series and Control Center)
Requires package Hotfix 772 - Cumulative Hotfix
Blocks package on NG Control Center Hotfix 772 - Cumulative Hotfix
Blocks package on NG Firewall Hotfix 772 - Cumulative Hotfix
 
Components
  • Box Configuration (NextGen Firewall F-Series and Control Center)
  • CC Configuration Service (NextGen Firewall F-Series and Control Center)
  • CC VPN (NextGen Firewall F-Series and Control Center)
  • VPN (NextGen Firewall F-Series and Control Center)
  • CC Database (NextGen Firewall F-Series and Control Center)
 
Description
This hotfix contains the following improvements:
  • Support for NextGen Firewall Secure Connector firmware 1.0.0 and 1.0.1 for the NextGen Control Center and Secure Access Concentrator.
  • This hotfix performs a reset of the SC configuration database. Existing SC configurations will be lost. This hotfix requires NextGen Admin version 6.2.1-104 or newer.


#18 Tim Warr

Tim Warr
  • Members
  • 49 posts

Posted 03 June 2016 - 04:53 AM

Hotfix 784 - CC Database
 
Summary Improves the configuration and error handling for the CC Database.
Publication date Jun 2, 2016
Type Hotfix
 
Size 13.9 MB
Applies to
  • 6.2.1 (NextGen Firewall F-Series and Control Center)
Requires package
  • Hotfix 779 - Secure Access Concentrator and Control Center
Blocks packages on NG Control Center
  • Hotfix 775 - Secure Access Concentrator and Control Center
  • Hotfix 779 - Secure Access Concentrator and Control Center
  • Blocks packages on NG Firewall
  • Hotfix 775 - Secure Access Concentrator and Control Center
  • Hotfix 779 - Secure Access Concentrator and Control Center
 
Components
  • Box Configuration (NextGen Firewall F-Series and Control Center)
  • CC Configuration Service (NextGen Firewall F-Series and Control Center)
  • CC Database (NextGen Firewall F-Series and Control Center)
 
Description
This hotfix includes the following improvements:
  • Changed the maximal number of CC database connections so that the Control Center Status Map is no longer unresponsive when connecting via NextGen Admin.
  • Improves the configuration and error handling for the CC Database.


#19 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 25 August 2016 - 04:29 AM

Hotfix 790 - Cumulative Hotfix
 
Summary Resolved various TAP2 issues
Publication date Aug 24, 2016
Type Hotfix
Version 790-6.2.2-111972
Size 150.5 MB
 
Applies to
6.2.2 (NextGen Firewall F-Series and Control Center)
 
Blocks package on F-Series Control Center
Hotfix 794 - Virscan Service
 
Blocks package on F-Series Firewall
Hotfix 794 - Virscan Service
 
Obsoletes package
Hotfix 794 - Virscan Service
 
Components
Forwarding Firewall (NextGen Firewall F-Series and Control Center)
Virus Scanner (NextGen Firewall F-Series and Control Center)
CC VPN (NextGen Firewall F-Series and Control Center)
VPN (NextGen Firewall F-Series and Control Center)
Host Firewall (NextGen Firewall F-Series and Control Center)
 
Properties
Might trigger a reboot.
 
Description
This hotfix includes the following improvements:
 
  • Unusual HTTP trailing header fields are now handled correctly.
  • Transparent redirection for traffic which is virus scanned or SSL intercepted now works as expected.
  • Intial DHCP request propagation using multiple bridging groups now works as expected.
  • Network activation no longer fails when switching between a static and a dhcp inteface without changing the IP address
  • Added option to disable VPN replay protection for IPsec VPN tunnels.
  • Schedule objects with a large number of objects (>128) now works as expected.
  • FTP traffic virus scanning improvements.
  • Firewall service stablilty improvements.
  • Fix problem with site specific objects used as connection object for redirect action
  • Fix problem with schedule objects containing too many (>128) entries
  • Improves the startup time of the AV service with enabled Advanced Threat Detection.

Note: “Replay Protection” for IPSEC can be disabled with an updated NGAdmin (hotfix) by configuring an IPSEC Tunnel / TI – VPN Envelope Policy / Replay Window Size of ‘-1’. 


Director, Product Management


#20 Markus Lang

Markus Lang
  • Moderators
  • 395 posts

Posted 27 September 2016 - 10:33 AM

Hotfix 800 - OpenSSL Vulnerability
 
Summary Update OpenSSL to resolve security vulnerability
Publication Date Sep 27, 2016
Type Hotfix
 
Size 14.1 MB
 
CVEs
CVE-2016-6304
 
Applies to
6.2.0 (NextGen Firewall F-Series and Control Center)
6.2.1 (NextGen Firewall F-Series and Control Center)
6.2.2 (NextGen Firewall F-Series and Control Center)
 
Blocks packages on Control Center
Hotfix 730 - Dynamic Routing
Hotfix 741 - Mail Gateway Virus Scanning
Barracuda NG Firewall and NG Control Center 6.2.1 Update Package to update from 6.2.0, 6.2.1
Barracuda NG Firewall and NG Control Center 6.2.1 Update Package to update from 6.0.x and 6.1.x
Hotfix 762 - HTTP Proxy
Hotfix 759 - Firewall
Hotfix 772 - Cumulative Hotfix
Hotfix 777 - Cumulative Hotfix
Hotfix 782 - Cumulative Hotfix
Update package for NextGen F-Series from 6.2.X to 6.2.2
Update package for NextGen F-Series from 6.X to 6.2.2
 
Blocks packages on F-Series Firewall
Hotfix 730 - Dynamic Routing
Hotfix 741 - Mail Gateway Virus Scanning
Barracuda NG Firewall and NG Control Center 6.2.1 Update Package to update from 6.2.0, 6.2.1
Barracuda NG Firewall and NG Control Center 6.2.1 Update Package to update from 6.0.x and 6.1.x
Hotfix 762 - HTTP Proxy
Hotfix 759 - Firewall
Hotfix 772 - Cumulative Hotfix
Hotfix 777 - Cumulative Hotfix
Hotfix 782 - Cumulative Hotfix
Update package for NextGen F-Series from 6.2.X to 6.2.2
Update package for NextGen F-Series from 6.X to 6.2.2
 
Obsoletes package
Hotfix 801 - OpenSSL
 
Obsoleted by packages
Update package for NextGen F-Series from 6.X to 7.0.0 with Hotfixes
Hotfix 799 - OpenSSL
 
Components
HTTP Proxy (NextGen Firewall F-Series and Control Center)
 
Properties
Enforces a reboot.
 
Description
This hotfix includes the following improvements:
 
Update OpenSSL to version 1.0.1u due to security vulnerability CVE-2016-6304.
 
Note: A reboot will be performed to finalize the installation.

Director, Product Management