User's Guide - Version 5.7.6
CacheGuard OS change logs
Version 5.7.7 (20 March 2012)
- The command "system" has been improved to display the subscription end date.
- Some minor bugs related to the proxy start/stop have been fixed.
Version 5.7.6 (28 February 2012)
- A new subscription verification module has been added to the system.
Version 5.7.5 (20 October 2011)
- Some minor bugs have been fixed in the Web GUI.
- The log rotation system has been fixed to properly rotate the WAF log.
Version 5.7.4 (12 October 2011)
- The OS has been improved to support a better crash recovery.
Version 5.7.3 (15 August 2011)
- Installation in test mode has been improved to allow choosing the OS to load at bootup.
- The mgt (for management) vlan has been renamed to mon (for monitoring).
- The keyword mgt (for management) in the command "access" has been renamed to mon (for monitoring).
Version 5.7.2 (11 July 2011)
- The command "factoryreset" has been removed and replaced by the argument "factoryreset" added to the command "conf".
- Reporting capabilities have been added to the proxy cache module (see the command "cache report").
- Reporting and health checking capabilities have been added to the system (see the command "system report").
Version 5.7.1 (20 June 2011)
- The proxy cache module has been upgraded to its latest version.
- The bug that prevented small video files from being downloaded while the cache and antivirus modes are both enabled has been fixed.
- The command "filter" was renamed to "waf" (for Web Application Firewall).
- In the command "mode", the keyword "filter" was renamed to "waf".
- In the command "log", the keyword "filter" was renamed to "waf".
- In the command "antivirus", the keyword "clear" was renamed to "create".
Version 5.6.10 (27 May 2011)
- The antivirus no longer checks images and textual contents.
Version 5.6.9 (20 May 2011)
- The minor bug related to the PUA mode activation has been fixed in the Web GUI.
- All schemas in the documentation have been enhanced with new icons.
Version 5.6.8 (16 May 2011)
- The persistent caching module has been enhanced for better disk caching performance.
- The antivirus module has been upgraded to its latest version to fix several internal bugs.
- The antivirus no longer checks video contents.
- The syntax of the "antivirus maxobject" command has been changed.
- Now files larger than the limit configured with the command "antivirus maxobject" won't be scanned by the antivirus.
- A new command named "setup" has been added to the system. This command is automatically executed when you first connect to the system.
Version 5.6.7 (25 April 2011)
- The Web GUI look and feel has been enhanced.
- The Web auditing GUI has been fixed to properly display all virus and guard logs.
- Now the command "antivirus update report" also displays the last automatic AV update.
Version 5.6.6 (20 April 2011)
- The minor bug related to the trial version initial date has been fixed.
Version 5.6.5 (14 April 2011)
- Now the proxy is allowed to connect to ports between 1024 and 49151.
- The bug that prevented clients from connecting to the internal DNS when the appliance doesn't use itself as a DNS has been fixed.
Version 5.6.4 (4 April 2011)
- The CacheGuard Logo has been changed.
- The licensing key system has been revised.
- The Web GUI look has been revised.
Version 5.6.3 (2 February 2011)
- The integrated AntiMalware software has been upgraded to its highest version.
- The Web Audit module has been improved to show denied URLs and attempts to access Malware.
- Accessing Web sites that use NTLM / SSPI authentication now works with the latest IIS Web servers when the compress or filter mode is activated.
Version 5.6.2 (28 January 2011)
- Setting auto update for blacklists has been fixed in the Web GUI.
- The whole documentation has been reviewed.
- Some other minor bugs have been fixed.
Version 5.6.1 (17 June 2010)
- The installation program has been enhanced to allow the booting and installing of the OS from a USB memory stick.
- The Linux kernel has been upgraded to the version 2.6.34 and all required drivers have been integrated to support the latest hardware.
- Some minor bugs have been fixed in the Web GUI.
- The default serial speed has been changed to 115200.
- Some optimization has been made to reduce the CDROM image size.
Version 5.6.0 (18 March 2010)
- An AntiMalware (Virus, Trojan, Worm) has been added to the appliance.
Version 5.5.5 (28 February 2010)
- The Web GUI has been enhanced to allow direct accesses to menu boards from the main bar menu.
Version 5.5.4 (16 February 2010)
- The tuner module has been enhanced to manage parallel Web requests more adequately.
- The guarding module has been enhanced to allow or deny the usage of direct IP addresses instead of domain names.
- The Web Audit module has been fixed to print messages properly.
- An anti-malware has been added to the appliance in beta test mode.
- The backup retention policy for logs has been changed so the system backs up logs for a period of 30 days.
- A new feature has been added to the system so unwanted Web access and rejected requests to protected Web servers are all logged in separated files.
Version 5.5.3 (15 December 2009)
- The Web GUI has been fixed to properly refresh logs when an explicit refresh is invoked.
- A new option has been added to the Web GUI to clear the persistent Web cache.
Version 5.5.2 (30 November 2009)
- The Web GUI has been fixed to properly display the top main menu in ie8.
Version 5.5.1 (16 November 2009)
- The guarding feature has been reinforced so that Web surfers are no longer allowed to directly use IP addresses instead of domain names to bypass URL filters.
- In the Web GUI, clear-text passwords have been removed from displayed reports.
- The Web GUI has been enhanced to support IE8.
Version 5.5.0 (13 October 2009)
- The command "user" has been removed and replaced by the argument "user" added to the command "admin".
- A new command named "cache" has been added to the system. This command allows management of some cache parameters.
- The command "forceloadurl" has been removed and replaced by the argument "loadurl" added to the new command "cache".
- The argument "denyurl" has been added to the command "filter". This argument allows you to set a specific URL to redirect to when an HTTP request is blocked.
- The filter and compress modules have been improved to support accessing Web sites that use NTLM / SSPI authentication (even if NTLM/SSPI is not compliant with HTTP).
- The URL blacklist auto updating module has been enhanced to properly download all remaining files since the last update process.
- The file transfer module has been improved to manage errors during file transfer.
- The Web GUI has been modernized and improved.
- The User's Guide has been enhanced.
- USB keyboards are now supported.
- Some internal minor bugs have been fixed.
Version 5.4.2 (15 March 2009)
- An option to manage SSL CA chain has been added to the "rweb" command.
Version 5.4.1 (22 February 2009)
- The syntax of the command "guard" has been changed and new guard management features have been added to the appliance. An option allows you to update an existing blacklist category from a diff file. A second option allows you to automatically update a blacklist category since the last update/create date until today. It is also possible to program automatic blacklist category updates. Also the blacklist category save option has been removed.
Version 5.4.0 (2 January 2009)
- An LDAP authentication mode has been added to the appliance.
- The bug that prevented connection to internal NTP servers has been fixed.
Version 5.3.7 (25 Nov 2008)
- Now the multi CPU mode is activated during the installation if there is more than one installed CPU.
- A Huge Memory management mode (RAM > 4GB) is now available on the standard CDROM and can be chosen during the installation.
Version 5.3.6 (20 Nov 2008)
- The crash management module has been enhanced.
- The bug in the Health Checking module that inadvertently restarted services has been fixed.
- Now the "rweb" mode is turned off by default.
- An option to cancel the running "apply" operation has been added.
- The patching module has been completely reviewed.
- The Web auditing GUI has been enhanced.
- Generic content filtering rules have been updated.
- The reverse web auditing GUI properly displays all warning messages.
- The reverse web mode works properly even if there is only one declared HTTP Web site name.
- The reverse web mode works properly even if there is no DNS declared.
Version 5.3.5 (16 Sept 2008)
- Some internal minor bugs have been fixed.
- The CacheGuard License has been upgraded to the version 1.2. Now you can edit and modify the proprietary part of CacheGuard for your exclusive personal use. You still may not, except as permitted by applicable law, loan or create derivative works from the proprietary part of CacheGuard (see the new license).
Version 5.3.4 (28 Aug 2008)
- A CSS (Cascading Style Sheets) was added to the Web GUI.
- SSL v2 is no longer supported when the appliance acts as a reverse Web proxy (only SSL v3 and TLS v1.0 are supported now).
Version 5.3.3 (29 May 2008)
- In the Web GUI, the "logout" screen properly displays all images.
Version 5.3.2 (8 May 2008)
- The connection to the Web auditing GUI works properly when the Guarding mode is deactivated (concerns only appliances installed for less than 20 users).
Version 5.3.1 (20 March 2008)
- The HTTP Transparent and HTTP Compress combination mode problem that produces some inconsistent HTTP requests has been fixed.
- Synflood rules are less aggressive so overloaded Web browsing works properly without faulty rejects.
- Textual output has been formatted to comply with VT100 terminals.
- The power-off button on SPC appliances works now and shuts down the system properly.
- The LCD display on SPC appliances works properly.
- The "conf diff" command has been optimised.
- A "Show Configuration" option has been added to the Web GUI.
Version 5.3.0 (14 March 2008)
- The furtive error while adding a list item in the Web GUI has been corrected.
- Connections to next peers work properly.
- Object sharing between cache peers has been optimized.
- All source code is rebuilt using gcc v4.1.2.
- All basic packages are upgraded.
- The command "halt" may power off the system even if the administrator is remotely logged in.
- Support for old Pentium Pro CPUs has been added to the Linux kernel.
Version 5.2.8 (23 December 2007)
- The memory usage has been optimized.
Version 5.2.7 (1 December 2007)
- The number of parallel connections from peers is not restricted. Peers are considered as trusted parties that do not generate flooding traffic.
- The free trial version for more than 10 users has been limited to 15 days. When the trial period is about to end, the "apply" command no longer applies a new configuration unless a valid license key is installed.
Version 5.2.6 (24 November 2007)
- In Anonymous mode, the "WWW-Authenticate" header is no longer hidden.
Version 5.2.5 (5 November 2007)
- A Synflood guarding has been added for traffic labeled "other".
- The number of parallel connections per client IP address has been restricted, which allows this release to stop flooding.
- Bug fix: The log rotation process has been fixed to save logs with the correct date and time.
- Bug fix: The IP address configuration has been fixed when the HA mode is deactivated.
- This is the first stable version.
Version 5.2.4b (1 November 2007)
- The Synflood guarding module has been enhanced for Web traffic.
- The Linux kernel has been upgraded to 22.214.171.124.
Version 5.2.3b (26 October 2007)
- Multiple reversed HTTP Web sites may be associated to the same public IP address.
- The brute force attack guarding module has been enhanced for Web traffic.
Version 5.2.2b (21 October 2007)
- The Web GUI audit module is activated even if the "filter" and "rweb" modes are not activated.
- In the command "rweb", when adding a reversed Web site name, a mandatory IP address must be given for an HTTP Web site as well as for an HTTPS Web site.
- The QoS policy for a reversed Web site has been changed to be based on its public IP address.
- Some minor bugs have been fixed in the QoS module.
Version 5.2.1b (12 October 2007)
- The Web GUI has been optimized.
- Bug fix: The configuration loading works properly even if the file to load does not exist.
- The reverse Web auditing documentation has been enhanced.
- Passwords having a length of 9 or greater are supported.
- FTP and TFTP protocols are supported by the Firewall.
- In High Availability mode all services are activated properly after configuration changes.
Version 5.2.0b (5 October 2007)
- The X-Forwarded-Host and X-Forwarded-Server headers are removed from HTTP requests; X-Forwarded-For is also removed if no Next Peer is declared when the anonymous mode is activated.
- Port numbers for Next Peers can range from 0 to 65535 (see the command "peer").
- An audit mode is integrated with the content filtering module. Auditing allows the inspection of HTTP request content and facilitates the filtering rule design process (see the commands "admin", "filter" and "port").
- A "Logout" link has been added to the Web GUI.
- Deleting an administrator user works properly.
Version 5.1.2b (1 October 2007)
- The Via header is removed from all requests even if the anonymous mode is not activated.
- In the command "port", the keyword "webadmin" was renamed to "wadmin".
- In the command "password", the keyword "webadmin" was renamed to "wadmin".
- In the commands "rweb" and "transaction", the keyword "print" was renamed to "show".
- Bug fix: The ftp passive mode can now be activated properly.
- The administration access topology can now be configured with the command "admin".
Version 5.1.1b (22 September 2007)
- Bug fix: The Web site deleting with the command "rweb" works properly and all related custom filters are removed.
- Bug fix: Custom filter rules are properly applied to the running configuration and appropriate services restart.
Version 5.1.0b (20 September 2007)
- TRACK and TRACE methods are denied for the embedded Web server and all hosted Web servers even if the filtering mode is not activated.
- Content filtering is only applicable in reverse Web sites and does not affect the forwarding proxy.
- Custom content filtering based on regular expressions is operational.
- The syntax of the command "guard" has been changed.
- The command "conf" is optimized to run faster.
Version 5.0.0b (9 September 2007)
- The content filtering mode (filter mode) for reversed Web sites is operational. When the "filter" and "rweb" modes are activated, requests on protected Web sites are filtered for generic attacks (XSS, SQL injection...), protocol violations and other anomalies.
- The content filtering is hardened for the Web GUI.
- The configuration is properly saved for backend servers associated to a Web site.
- Guard categories are created even if the "guard" mode is deactivated.
- Guard black and white lists are loaded properly (the given file name must not include ".domains", nor ".expressions" nor ".urls" nor the ".gz" extensions).
- Setting VRRP in the Web GUI works correctly (a wrong content filtering rule was previously set in error).
Version 4.1.6b (2 September 2007)
- By default Route Tracing (traceroute) is allowed from the internal zone to the external zone.
- Bug fix: The Web GUI for the firewall configuration (Menu items "Security/External Firewall" and "Security/Internal Firewall") was fixed to work properly for long content.
- The content filtering for the Web GUI is more permissive for punctuation characters.
- Some other minor bugs were corrected.
Version 4.1.5b (28 August 2007)
- The licensing is also based on the number of Web Sites to reverse.
- The "Hard Factory Reset" procedure properly resets the "admin", "superadmin" and the root passwords.
- Images in the User's Guide available from the Web GUI are shown properly.
Version 4.1.4b (22 August 2007)
- The network installation and its documentation are improved (Mainly: the TFTP IP Address is guessed and if the installation fails, the installation environment is properly reset to give the ability to relaunch the installation).
Version 4.1.3b (17 August 2007)
- Bug fix: The port forwarding integrity is properly checked during the "apply" operation (Cannot NAT the destination IP to the appliance itself).
- Bug fix: When adding firewall rules using Web GUI, an empty entry does not add an "any to any" rule. To specify an "any to any" rule the keyword "any" must be specified for the Source IP, the Destination IP or the Ports field.
- Bug fix: The QoS/Incoming Flows menu item works properly in the Web GUI (Bug due to content filtering in the Web GUI).
- Bug fix: Web Site adding works properly in the Web GUI (Bug due to content filtering in the Web GUI).
Version 4.1.2b (13 August 2007)
- Bug fix: Network traffic other than Proxy traffic (HTTP, HTTPS and FTP) is shaped properly without abnormal slowdown.
Version 4.1.1b (10 July 2007)
- The Appliance could be installed properly using a PXE network device. The TFTP server IP address is configurable during installation.
Version 4.1.0b (9 July 2007)
- The Web GUI security has been improved.
- Bug fix: Native IP addresses can be set up properly in the Web GUI.
- The "rweb" VLAN is configurable using the Web GUI.
- The reverse mode is configurable using the Web GUI.
- The keyword "confcert" was renamed to "genssl" (related commands: "rweb" and "admin").
- When an HTTPS reverse Web site is deleted, the associated host list is erased only if no other external IP address is associated with this HTTPS Web site.
Version 4.0.0b (24 June 2007)
- A reverse mode is at last available in this version. This mode allows you to implement the appliance as a reverse proxy in front of Web servers to secure, accelerate and shape Web traffic. (see the commands "mode" and "rweb").
- SSH key loading works properly.
- SATA storage controllers are supported again in this version (support was accidentally removed from the previous version).
- The keyword "gencert" is renamed "confcert" in the command "admin".
Version 3.5.0b (04 June 2007)
- The QoS bandwidth shaping works properly for all types of traffic.
- The syntax of the command "qos" has changed.
- The QoS management can be deactivated using the command "mode".
- The "fw" command has been renamed to "firewall".
- This is an intermediate version before a main one supporting the reverse mode.
- The reverse mode is called "rweb" and some related commands are already integrated in the present version (but the "rweb" mode is not yet operational):
- The reverse mode could be activated using the command: "mode rweb on".
- The forward mode could be deactivated using the command: "mode web off".
- A new vlan named "rweb" is available for Web servers.
- A Filtering mode is integrated to inspect inside Web requests (see the command "mode filter").
- Allowed Web servers can be restricted to those declared with the command "access rweb...".
Version 3.4.0b (02 May 2007)
- The certificate generation procedure for the Web GUI supports white spaces in entries.
- The alter image mode is no longer supported - The core proxy module has changed.
- Time & Date can be set up properly by using the Web GUI.
- The log rotation procedure properly deletes logs older than 10 days (or with a serial number greater than 10).
Version 3.3.2b (12 April 2007)
- The documentation of the command "mode" is corrected (gateway is renamed router).
- The Web GUI is enhanced for the General Feature and Network related modes.
- The Web GUI can show the last apply report even if the configuration is locked.
Version 3.3.1b (10 April 2007)
- In the command "mode", "gateway" is renamed "router".
- The integrated DHCP server may be activated via the CLI or Web GUI.
- The integrated DHCP server supports a failover mode.
- Network PCMCIA cards are detected.
Version 3.3.0b (28 Mar 2007)
- System and access logs are rotated together even if the access log is empty.
- A VRRP IP address can be associated to the external network interface (Useful for incoming connections via the external network interface, crossing the embedded firewall and destined to internal networks).
- The access to the embedded DNS is allowed.
- In HA mode, the vrrp multicast is allowed for all IP in the local network (and not only for declared HA peers).
- In HA mode, if the health checker cannot properly restart all vital services, a failover is forced. The forced failover is logged in the daemon.log log file.
- When defining administrator access with the command "access", an optional netmask could be specified.
- Bug fix: The configuration difference is correctly displayed in the Web GUI.
- The Web GUI is available via the embedded Proxy only when the VLAN mode is deactivated.
Version 3.2.7b (21 Mar 2007)
- Now, the Health Checker is correctly launched and checks all activated services.
- The Web GUI is available via the embedded Proxy.
- Minor enhancements and optimization.
Version 3.2.6b (14 Mar 2007)
- Bug fix: Now, the tftp command is found during the installation phase.
Version 3.2.5b (10 Mar 2007)
- When loading/saving guard categories, the category type may be optionally specified.
- Security was fixed so that, in VLAN mode, the embedded Firewall allows or denies only traffic to or from the "web" VLAN.
- The syntax of the commands "access" and "fw" has been changed. Now the access type "other" in the command "access" is replaced by the command "fw" followed by the keyword "intern". In the command "fw" the source IP address and optionally the network mask is specified.
- Other minor bug corrections.
Version 3.2.4b (21 February 2007)
- An optional port number may be defined when adding a Next Peer.
- Support has been added for the SCSI Message Fusion Driver (required for VMware certified version: LSI Logic).
Version 3.2.3b (13 February 2007)
- Support has been added for TFTP to exchange files with the appliance. To that end, the syntax of the following commands has changed: access, vlan, conf, system, log, guard.
- The completion for the command "dns" supports the keyword "localhost".
- To respect the command syntax homogeneity, the keyword "snmp" is renamed to "mgt" for the following commands: access, vlan. The "mgt" keyword specifies "snmp" and other possible management protocols later (The snmp agent is still not integrated in this version).
- The configuration cannot be applied if the internal and external IP addresses belong to overlapped networks (The text of the error number 203 is also modified).
- The "ip" command checks if the given IP address is a valid host IP address (The network and broadcast IP address cannot be given now).
- Bug fix: Swapping between the VLAN mode and Native Mode (mode vlan on/off) restarts adequate services to bind to appropriate network interfaces.
- Bug fix: The system patching (Menu item "File/System Patches") works correctly in the Web GUI now (the "Do Operation" button produces the expected result).
- Other minor bug corrections.
Version 3.2.2b (02 February 2007)
- A shortcut "Apply" button was added to the Web GUI's main menu.
- The keyboard selection during installation was enhanced.
- The "access" command documentation was enhanced.
- The README.txt file in the VMware virtual machine version package was enhanced.
Version 3.2.1b (23 Jan 2007)
- The command "apply" can be applied after a "factoryreset" without adding a DNS server.
- The Web GUI is now compliant with IE7 and FireFox 2.0.
Version 3.2.0b (17 Jan 2007)
- Initial Public Announcement
Copyright (C) 2002-2011 CacheGuard - All rights reserved