Clavister releases version 8.5 of its firewall (in English)
Version 8.50.00 contains a number of major changes, and also a number of gotchas. The most notable changes and gotchas are highlighted here:
- Dynamic routing introduced: OSPF and route failover. This carries with it a number of changes, such as Security/Transport equivalent interface groups, which are necessary in order for connections to be able to move from one interface to another.
- Single-admin Virtual System/Router support enables the creation of logical units with separate routing tables and, to some extent, rulesets, under the same administrative scope.
- PPTP and L2TP clients and servers.
- H.323 Application Layer Gateway implemented.
- Gotcha: Order of rule lookups changed. Policy-based routing rules are now consulted before other rulesets. As a result, destination interface filtering is now done according to the PBR table in use. Also, Proxy ARP will now obey PBR.
- Gotcha: The "Secure" rule flag was removed. Changes brought on by dynamic routing meant that the "Secure" rule flag, which forces traffic through a matching IPsec tunnel, had to be removed. As of v8.20.00, the (better) alternative is to simply route traffic over IPsec tunnels.
- Gotcha: Given that the number of PBR routing tables equals the number of Virtual Systems / Routers supported, the number of PBR tables allowed is now controlled by the license. Most licenses allow 5 routing tables, though some of the larger appliance models allow more than that by default. Support for additional Virtual Systems may be purchased as add-ons to your existing license.
- Gotcha: HA: Upgrading directly to v8.50.00 from versions prior to v8.40.01 will lead to loss of state synchronization.
- New "miniature" firewall core in distribution. The two core flavors distributed are now: a "-full" version, with all functionality in it, and the new "-mini" version, with a number of disk-space-consuming options removed.
- Clavister Firewall Logger for Linux is now included in the distribution.