Firmware Release 7.1.x HOTFIXES
Posted 03 August 2017 - 07:59 AM
Posted 04 August 2017 - 04:36 AM
Important Security Hotfix
Security hotfix to address an issue that could lead to unauthorized, low privilege access via the management IP addresses.
Several hotfixes were released on Aug 3rd 2017 to address an internally discovered logic error in the configuration process which could allow an attacker to gain unauthorized low privilege access to the NextGen Firewall via the management IP addresses.
The logic error exists in the following versions of the NextGen Firewall F series firewalls as well as NextGen Control Centers since firmware 5.2.3:
- 5.2.x - end of support reached - please upgrade to newer firmware
- 5.4.x - end of support reached - please upgrade to newer firmware
- 6.0.x - resolved in Hotfix 837
- 6.1.x - end of support reached - please upgrade to newer firmware
- 6.2.x - resolved in Hotfix 836
- 7.0.0 - resolved in Hotfix 838
- 7.0.1 - resolved in Hotfix 834
- 7.0.2 without Hotfix 825 - resolved in Hotfix 834
- 7.0.2 with Hotfix 825 - resolved in Hotfix 839
- 7.0.3 - the issue is resolved in maintenance release 7.0.3, released on Aug 3rd 2017.
- 7.1.0 - resolved in Hotfix 835
The Hotfixes released today fully mitigate the issue in the affected versions. Hotfixes are available in the download portal: https://dlportal.barracudanetworks.com.
Additionally, with firmware release 7.0.0 or newer, the hotfix corresponding to the current firmware release will be displayed in the UPDATES section of the General Dashboard on NextGen Firewalls F-Series.
Additionally, with firmware release 7.0.0 or newer the hotfixes will be available from the Download Portal tab of the CONTROL -> Firmware Updates section on NextGen Control Centers.
We further recommend that customers isolate the management IP addresses to a trusted local network. The NextGen Firewall supports setting additional ACLs for accessing the management interface that can further increase security. Finally, we also recommend setting strong passwords on all accounts or configuring key-based authentication and disabling password authentication.
Instructions on setting up ACLs and key-based authentication are available here:
Posted 15 November 2017 - 04:45 AM
- Forwarding Firewall (NextGen Firewall F-Series and Control Center)
- Virus Scanner (NextGen Firewall F-Series and Control Center)
- CC VPN (NextGen Firewall F-Series and Control Center)
- VPN (NextGen Firewall F-Series and Control Center)
- Host Firewall (NextGen Firewall F-Series and Control Center)
- Firewall plugin stability improvements, resolving issues with failed FTP data sessions when handling a large number of FTP sessions.
- Resolved issue where in some cases application rules did not match for HTTPS sessions. This also caused URL Filter and File Content policies configured in the application rule to not be evaluated.
- Multiple SMTP and FTP protocol handling improvements.
Posted 24 November 2017 - 03:29 AM
Posted 19 April 2018 - 04:09 AM
Posted 19 April 2018 - 04:11 AM
Posted 15 May 2018 - 10:10 AM
Blocks package on NextGen Firewall F-Series
Posted 08 May 2019 - 02:15 AM
- Increases the default size of the replay protection window.
- Prevents SPI collisions.
- Makes the results of active bandwidth probes available in the transport details.
- Enforces a minimum bandwidth for SD-WAN enabled transports.
- Solves concurrency issues resulting in "Decryption failure" entries in VPN drop cache.
- Makes SD-WAN bandwidth adjustments less aggressive after packet loss.
- Takes a less conservative approach to estimate the effective bandwidth from a probe.
- Fixes an issue where wrong IP addresses are shown in VPN access/drop cache.
- Fixes an issue in VPM session balancing.
- Increases the maximum number of VPN routes.