Multi-Tech RouteFinder VPN Family (RF600VPN, RF660VPN, RF760VPN, RF850 and RF860) NOTE: In order to perform a live update to the latest firmware Version 3.3x, your RouteFinder must be running the newer version of a 3.25 release. To check if your RouteFinder is running the correct version of 3.25, webadmin into the RouteFinder and under Administration --> System Setup, there should be a box with a header showing "System Logging". If it is showing "Remote Syslog", you have the an older version of 3.25. Therefore, you must reinstall using the newer version of 3.25 before you can perform the live update. Please contact our Tech Support Department if you need to reinstall with the newer version of 3.25 software. In order to run Version 3.3x and if you are planning to use URL content filtering, you MUST have a minimum of 256MB of memory. Some older RF600VPN hardware with serial numbers lower than 9337635 CANNOT be upgraded due to the hardware limitation. RF660VPN hardware support only a maximum of 256MB of memory. RF600VPN uses a standard PC133 memory module; RF660VPN uses a standard PC100 memory module; RF760VPN, RF850 and RF860 use a standard DDR memory module. After the RouteFinder upgraded to version 3.31, it CANNOT have DNS settings that are pointing to some internal IP addresses that are hosting the DNS service. DNS settings must be pointing to some public IP addresses on the RouteFinder. Contents ======== - Introduction - Hardware Description - How to perform Live Update - Revision History - Support Options - Copyrights and Trademarks Introduction ============ This document provides procedures on how to perform update. It also include information regarding all the changes and fixes within the product. Should there be any further recommendations, please contact with the Local Multi-Tech Systems office listed as below. Hardware Description ==================== RF600VPN Hardware description : ------------------------------- - Firewall / VPN with 10/100 Mbps LAN, WAN, DMZ ethernet ports and a Async dial backup port RF660VPN Hardware description : ------------------------------- - Firewall / VPN with 10/100 Mbps LAN, WAN, DMZ ethernet ports, a build in V90 modem and a Async dial backup port RF760VPN Hardware description : ------------------------------- - Firewall / VPN with 10/100/1000 Mbps LAN, WAN, DMZ ethernet ports, a build in V90 modem and a Async dial backup port RF850 Hardware description : ---------------------------- - Firewall / VPN with 10/100 Mbps LAN, WAN, WAN2/DMZ ethernet ports and Async RS232 dial backup port RF860 Hardware description : ---------------------------- - Firewall / VPN with 10/100 Mbps LAN, WAN, WAN2/DMZ ethernet ports, a build in V92 modem and a Async dial backup port How to perform Live Update ========================== In order to perform live update to the latest version 3.3x, your RouteFinder must be running the newer version of 3.25. To check if your RouteFinder is running the correct version of 3.25, webadmin into the RouteFinder and under Administration --> System Setup, there should be a box with header showing "System Logging". If you see header showing "Remote Syslog", you have an older version of 3.25, you must reinstall using the newer version of 3.25 before you can perform the live update. Please contact our tech support on how to reinstall the new version of 3.25. - Make sure your RouteFinder is on the internet - Webadmin into the RouteFinder - Click on Tracking - Click on Update Services - Make sure System update server name is set to ftp.multitech.com - Make sure System update server directory is set to /autoupdate/flash - Click on Start button for the Update System - A popup window will show the status of the update - when update is done, it will REBOOT the Routefinder - Click on the Home to make sure the new version is displayed. Revisions History ================= Changes, Bugs Fixes in Version 3.31 (September 5, 2006) ======================================================= Changes and New Features: ------------------------- - Show DNS addresses for PPPoE connection - Added a new option to configure MTU value for PPPoE connection - Added support for VPN failover when dual wan load balancing is enabled - Added support for DDNS failover when dual wan load balancing is enabled - Added PPTP support for Windows CE, Apple Mac and Palm OS PPTP client Fixes: ------ - Fixed dual Wan Load Balancing and DNS issue - Fixed VPN UID issue - Fixed IPsec VPN Manual mode - Fixed Ipsec VPN using FQDN - Fixed POP3 proxy problem when there are to manny To addresses. - Fixed Email Notification modified for HA Failover - Fixed SMTP proxy files clean up problem - Fixed email notification continously sending out email when auto update fail or it is not available. - Fixed cron job so it monitors and clean up /tmp, /var/spool/qmailscan and /var/spool/pop3vscan/children folders - Fixed fetchipac process reaching 100% CPU usage Changes, Bugs Fixes in Version 3.30 (April 27, 2006) ==================================================== Changes and New Features: ------------------------- - High Availability (HA) - Quality of Service (QOS) - Dual Wan Load Balancing - show more information regarding Version number and patches that are installed - Added some configurable options for the ethernet interface card. - Added display details Hardware information in Statistics and Logs --> Hardware - Added new static service name for VOIP services - Added SSH Root password change option in the Webadmin - SNMP option is not supported when using external SNMP manager - Added Identification when defining ethernet MAC address based Packet Filter Rules. - Added ipsec pass-thru option in packet filter rule --> Advanced - Stop and start an individual IPsec tunnel does not restart all the other active VPN tunnels - Added Clearlog option in webadmin. This will allow clearing of all current and old log files - Added support to Email Backup log files. A configurable option is added in the webadmin email notification - Concurrency incoming mails setting a. For POP3 concurrency, run /etc/multiconf/scripts/flashqmailconfig POP3 20 This sets the POP3 concurrency value to 20 b. For SMTP concurrencyincoming, run /etc/multiconf/scripts/flashqmailconfig SMTP_INCOMING 20 /etc/multiconf/scripts/flashqmailconfig SMTP_OUTGOING 20 This sets the SMTP concurrencyincoming and concurrencyremote value to 20 - Added option to configure the email size which can Bypass SMTP/POP3 Virus/SPAM. Default is 200KB, this mean any emails larger than 200K will not need to be scanned for virus or spam - Added option to allow Selection of Networks to scan email when using POP3 proxy - Added SMTP spam option for Email blocking based on Subject - Added SMTP spam option for Authentic Sender List - Added SMTP spam option for Authentic Recipient List - Added support for the new RF850 / RF860 hardware - Added option to change the speed on ethernet interfaces Fixes: ------ - Fixed Networks definition with Variable Length Subnet Mask. It was reporting error when adding subnet 10.255.1.0 - Fixed Service Group name when more than one packet filter rules are defined for the group - Fixed when adding some Ipsec Manual connection - Fixed URL Category database update problem - Fixed the SMTP helohost file so CPL listing service does not block Changes, Bugs Fixes in Version 3.25 (August 8, 2005) ==================================================== Changes and New Features: ------------------------- - Added Syslog-timeout program to monitor and detect hard drive lockup error messages - New PPTP patch fixes the buffer overflow vulnerability found in pptp-1.0.1 version. - Add an option in Factory Default reset to allow clearing all the old log files. - Add a option for Quarantine mail so it forwards directly to an external mail account instead of storing locally on the internal hard drive. Fixes: ------ - Fixed the non-transparent http proxy and authentication problem. - Fixed PPTP access problem when the WAN link is using PPPoE. - Fixed URL filtering when searching google / yahoo / msn images related to Adult / porn content - Fixed backup file so mail server does not detect as virus email - Start up file scan and repair is removed so it can bootup faster. File scan and repair will only perform on abnormal shutdown. - Fixed some issues with MRP program. Changes, Bugs Fixes in Version 3.24 (June 11, 2005) ==================================================== Changes and New Features: ------------------------- - Allow URL custom filter to use regular expression. Examples of Regular expression: [a-z]|[0-9].*.com – Any domain that start with an alphanumeric character ends with a “.com” will match the rule. - Add a configurable option in Packet filter --> Advanced to control “Strict Stateful Inspection”. Disabling “Strict Stateful Inspection”, WILL allow “unclean” packets to traverse thru the RouteFinder. This will prevent VPN tunnel from dropping packets. Fixes: ------ - NETBIOS broadcast rules for VPN were getting deleted from iptables in version 3.23, it has been fixed in 3.24 release. “disabling VPN” flushes the NETBIOS rules from IPTables. - Fixed memory resident program to detect hard drive read / write error. - Fixed URL database corruption problem after live update Changes, Bugs Fixes in Version 3.23 (April 20, 2005) ==================================================== Changes and New Features: ------------------------- - Added PoP3 proxy spam filtering - Added RRD tool for MRTG graph generation - Added Kernel panic auto reboot - Added Block Networks in SMTP Spam Filtering - Added Rescue kernel so software can be reinstalled without using CD-ROM drive - Enhanced Spam filtering using Adaptive Bayesian algorithm - Added Memory Resident program to detect hard drive read / write error - Added support for Multiple RBL servers in SMTP spam filter - Update Linux Kernel to 2.4.26 - Update Linux Iptables from 1.2.6a to 1.2.11 - Added disk / file scan and repair during bootup - Preventing redirection of HTTP port 80 to port 3128 in the pre-routing chain for traffic that is a part of the VPN tunnel. - Included the latest patches for POP3 proxy - IPsec Predefined CA has been removed. - Allow editing of DNS Server IP in interface page when PPPOE is enabled - Added option for Pop3 virus mail notify to administrator. Mail cannot be blocked to recipient. - When sending notification email with log file, name the log file with .txt extension - Added Intrusion Detection email notification to include HTML format - ICSA Firewall Certification - Enabled ICMP Forward by default, this will allow ping to work from LAN to WAN - Feature to add the “From:” and “To:” addresses from the quarantined mails to “Sender black list” and the “Recipient Black List” in the SMTP-SPAM Filtering. - Feature to get the report of all quarantined mails. - The URL with an underscore (_) is supported both in SQUID and the “geturlcategory” of WEBGUI. - Added more logging due to ICSA requirements - Added configuration for sending email notification. This will allow administrator to control the type of email notification that is being sent out. - Added logging for Webadmin access - Added option to log and drop fragmented packets - Added option for number of retries in VPN tunnel setting - Added more options to manage the SMTP Spam quarantine emails - Added more options to manage the Virus quarantine emails Fixes: ------ - Fixed PPTP connection problem. - Fixed URL Categorization and database corruption problem. - Generation of aide detection report for N/w Intrusion. - Fixed ip-aliasing problem. - Fixed creation of pppd.tdb file by PPTP server - Fixed problem when “access.log” file become very large - Fixed when Deleting bridge end point. It was not deleting the route entry. - Fixed IPSec Live connection display problem - Duplicate entries were displayed - Fixed internet access problem when IPSec bridge end point is removed - Fixed POP3 proxy when scanning a huge mail for virus and spam - Fixed SPAM LOG display problem for the last 30 days logs as well as rotated logs - Fixed Anti-Virus early expiry Notification - Fixed RouteFinder IPAddress listed in the ORDB Server. The fix to this problem is to add *@*@ in the bad patterns in the sender/recipient. - The iptable rule in SKIP_REDIRECTION chain for a road warrior scenario in ipsec should have the remote_gateway ip as the destination address instead of 0.0.0.0/32. - Fixed - Fixed DNS proxy from writting too many log entries - Fixed custom URL filter to allow access when words in the URL link that belongs to a particular category Changes, Bugs Fixes in Version 3.12 (June 9, 2004) ================================================== Fixes: ------ 1) Fixed problem with cron jobs not working after upgrading from 3.10 to 3.11 2) Fixed clean up spam quarantine mail when the number mails in the list is large. Changes, Bugs Fixes in Version 3.11 (May 22, 2004) ================================================== Changes: -------- 1) Support upgrade for older RF600VPN hardware with serial number less than 9337635 Fixes: ------ 1) Fixed problem when adding and deleting URL categories 2) Fixed http access and rejects reports. The reports were missing some of the days 3) Fixed problem in the hourly Virus pattern update. 4) Fixed POP3 proxy virus scan hangs problem When the email contains more than 255 characters on one single line 5) Fixed can not enter @* in the bad pattern for sender / recipient within the spam filter setup page 6) Fixed hanging problem when restarting using Webadmin 7) Fixed clean out old spam mails problem when disk reaches 80% full 8) Fixed DNS proxy settings in webadmin UI. After adding WAN and DMZ into the Interface to listen to, you can NOT remove them. 9) Fixed disk full problem by checking and removing .tar files in the / directory Changes, Bugs Fixes in Version 3.10 (Feb 20, 2004) ================================================== Changes: -------- 1) Ipsec using X.509 Certificate 2) Ipsec DES encryption 3) Ipsec AES encryption 4) IPsec using UID (support VPN behind a NAT device) 5) IPsec using FQDN (support dynamic to dynamic) 6) Netbios broadcast over IPsec 7) Route all traffics through the VPN tunnel (including internet traffics) 8) remote sites can communicate with each other through VPN via the central site. 9) PPTP pass-thru 10) Dynamic DNS client 11) Email spam filtering based on the following: - Real Time Black List Check (RBL) - white list - Sender Black List - Recipient Black List - Check For NULL Sender - Reverse DNS lookup Test - Bad Patterns In Sender/Recipient Address - Filter Attachments (Enter the file extension) - Filter based on Message Expression 12) More configuration options for URL content filter: - Use the new Surfcontrol SDK 4.x - Block and Unblock by creating custom URL list so you do not have to submit URL to surfcontrol for review. - Find out which category a particular URL belongs to 13) history of calls for PPTP 14) Log display for DHCP server 15) Better Log display for SMTP traffics 16) Better Log display for SNORT intrusion detection 17) Ethernet Mac address filtering 18) display virus and spam emails that are Quarantined 19) new linux kernel 2.4.20 20) Accounting based on individual IP address 21) Accounting based on VPN tunnel 22) customize port other than port 22 for SSH access 23) Intrusion detection can be enabled on each interface (LAN, WAN, DMZ) 24) Web UI option to clean HTTP proxy cache 25) Web UI option to clean SMTP proxy queue Fixes: ------ 1) Fixed pop3 email hanging problem when POP3 proxy is enabled. 2) Fixed PPPoE so it does not reconnect everynight during log rotation 3) Allow entering domain name ending with .info in Webadmin Wizard Setup 4) Fixed some web pages access problem when HTTP proxy is enabled Changes, Bugs Fixes in Version 3.05 (July 14, 2003) =================================================== Processes restarted and changes that will be done to the existing configurations: --------------------------------------------------------------------------------- 1. SNORT will be restarted. 2. If SNORT rules update is in progress, it will be stopped before the system update. Changes: -------- 1. SNORT binary and rules have been updated to the latest version (Version 2.0) 2. The weekly snort rule update has been removed. 3. The port scan livelog does not show the protocol used for scanning. 4. new /etc/cron.daily/tmpwatch is executed after update to 3.05 version. Fixes: ------ 1) Fix SNORT vulnerability 2) New weekly update rules were not compatiable with Old version of SNORT 3) new /etc/cron.daily/tmpwatch file to clean up /tmp directory Changes, Bugs Fixes in Version 3.03 (May 21, 2003) ================================================== Processes restarted and changes that will be done to the existing configurations: --------------------------------------------------------------------------------- 1. SOCKS proxy will be restarted. 2. PPTP will be restarted. 3. IPSec will be restarted. 4. Kaspersky’s Antivirus daemon will be restarted. 5. DHCP server will be restarted. 6. If DHCP server is enabled and a rule is present for that in ALLOW_PORTS, the rule will get deleted and two rules will get added, one in AUTO_INPUT and one in AUTO_OUTPUT chains. 7. IPSec The AH and ESP keys for manual connections have been changed such that user has to enter ascii values instead of hexadecimal numbers. If there are there are already existing manual connections, the AH and ESP keys will be intact. But, if these connections are edited and saved and if the keys get mapped to ascii characters which do not fall in the <32 – 127> range, it will give problems. However, users can reenter the keys in ascii and save them. Changes: -------- 1. Mail notification is sent when WAN Ethernet is down and dial backup is activated and vice versa. 2. An option to save backup file to local drive has been provided in the Tracking -> Backup page. 3. The AH, ESP (encryption and authentication) keys cannot be entered as hexadecimal numbers any more. They have to be entered as ascii characters. Fixes: ------ 1. Yahoo messenger was not working with SOCKS proxy version 5 and authentication enabled. Fixed the problem. 2. SOCKS log messages include details about the data that is being transferred. Removed printing those log messages. 3. In SMTP Proxy -> SMTP routes, an entry adldata.com cannot be added if there is an entry mail.adldata.com already present. 4. Kaspersky’s configuration files has been included in backup 5. 255 was not allowed in the second and third octets of IP addresses. That has been fixed now. 6. The IP address of pppd shown in ps aux was not matching with pptpuser file 7. pptpd was getting restarted suddenly. Fixed the problem. 8. IPTable rule for DHCP was not present by default even if DHCP server is enabled by default. Added it. Also, if DHCP server is enabled and if the rule is not present, it will be added now. 9. DHCP server was not giving DNS address to clients if DNS proxy is enabled in RF660. 10. PPP dial backup - If the backup link is up, and at that time, factory defaults are restored, the changes are not happening properly. This has been fixed. 11. SMTP proxy stops working after virus key expires. This has been fixed. 12. IPTables was getting wiped out in some machines suddenly. 13. Connecting from a Win XP PPTP client to a SQL database in the PPTP server’s LAN was not working properly because of MTU problems. That has been fixed. 14. IPSec tunnels do not come up properly after IPSec subsystem restarts Pluto – this has been fixed. 15. IPSec “DH secret has leading zero….” Problem – fixed. 16. Restarting gets stuck (problem with removing the ip_conntrack module) – fixed. 17. Virus database update – the last update, execute time was not getting displayed properly. Fixed this. 18. The validation checks for PPPoE user name have been removed. Except for <, >, “, anything can be configured. The length of the user name has been fixed to 50 characters. 19. Changes in factory defaults for the above. Changes and Bug Fixes in Version 3.02 (March 19, 2003) ====================================================== NOTE: After update 3.02 is completed, if you have DNS proxy enable, you must disable and enable DNS Proxy manually. Processes will be restarted and changes that will be done to the existing configurations: ----------------------------------------------------------------------------------------- 1. IPTable ALLOW rules for ports 2049 (NFS), 2401 (CVS), 113 (identd), 139 (NetBIOS), 1812-1813 (RADIUS), 69 (TFTP) will be removed from the chain ALLOW_PORTS. Instead the rules for ports 2401, 139, 1812, 1813 will be added in the AUTO_OUTPUT chain. This is to send CVS, SMB authentication, RADIUS packets from the RF660. 2. If Virus Scanner is enabled, the REDIRECT rule for POP3 Virus Scanner will be moved to the first position in the DNAT chain. Changes: -------- 1. Special characters are allowed in the passwords for Root user, SSH user, Webadmin user, PPP, PPPoE, CVS, other users (in user authentication page), and RADIUS secret. 2. Before stopping IPSec, the Pluto database is cleared of all connections. 3. Packet Filters - Added a configurable option to enable / disable logging of packets that are destined to the RF660 and are discarded. This will allow packet filter livelog to display all the packets that are being dropped 4. Logon page - The logo and version number in the initial logon page can be displayed / hidden with a configurable option in the Administration -> Web Admin page. Fixes: ------ 1. IPTable ALLOW rules for ports 2049 (NFS), 2401 (CVS), 113 (identd), 139 (NetBIOS), 1812-1813 (RADIUS), 69 (TFTP) will be removed from the chain ALLOW_PORTS. Instead the rules for ports 2401, 139, 1812, 1813 will be added in the AUTO_OUTPUT chain. This is to send CVS, SMB authentication, RADIUS packets from the RF660. 2. 0 was not allowed in the 2nd and 3rd positions of the IP address for Gateway, WINS address, SAM PDC, SAM BDC, SMTP Proxy->SMTP routes. Fixed it. 3. Fixed a validation problem for Accepted Incoming Domains in SMTP Proxy. 4. Services: - In Services page, the source port for DNS and SSH has been changed from 1024:65535 to 1:65535. - While editing a service and changing the protocol, the ports will vanish. Fixed this problem. Now, for TCP, UDP, TCP+UDP is a group and AH, ESP is a group – if the services is edited and the protocol is changed within a group, the source port and destination port fields or the SPI values will remain intact - Changed the alert message displayed if the service name added already exists in the services / service groups lists. 5. After update 3.01, PPTP had to be restarted from web GUI for adding users in the local database. Fixed the problem. 6. If DHCP client is not able to get an IP address, after it finishes trying, the IPSec route for eth1 was getting removed. Fixed it. 7. Virus Scanner - Two separate controls have been added for - SMTP Virus scanner - POP3 Virus scanner in the Proxies->SMTP Proxy->Virus Scanner section. 8. POP3 Virus Scanner’s redirection rule has been made such that it will have high precedence over DNAT rules. (It will always get added in the first position) 9. After update 3.01, the ownership of the ICMP services file was changed. So, while adding ICMP services, error messages were getting displayed. Fixed it. 10. Version Control - Clearing the options was not being allowed. Now it is allowed. 11. PPPoE is enabled and it is not able to get an IP address. Now, restart the box. After coming up, the gateway and IP address for WAN entries in the Network Setup are in non-editable format. Also, while monitor is trying to get an IP address, at those times, the gateway and WAN entries will be in non-editable format. 12. Factory default values changed for the above. The IPTable rule file in factory default did not have entry for the SQUID_DROP chain. Added it. Also, if it is not there already in IPTables, it will get added now. The entry for POP3VSCAN was not there in the factory default process status file. Added it. Changes and Bug Fixes in Version 3.01 (March 3, 2003) ===================================================== Processes will be restarted and changes that will be done to the existing configurations: ----------------------------------------------------------------------------------------- - PPTP daemon will be restarted. All the existing connections will be brought down. - DHCP client will be restarted. - SurfControl server will be restarted. - Existing IPSec connections with Local Subnet as ‘Any’ or ‘none’ Remote Subnet as Any will be removed. - After this update, only one authentication type can be selected for HTTP Proxy and SOCKS Proxy authentication. So if 2 or 3 authentication types have been selected already (before the update), the first authentication type alone will be enabled and the others will be disabled. So, HTTP Proxy and SOCKS proxy will be restarted. - ICMP Packet filter rules with the following codes will be removed Network Unreachable - Protocol Unreachable. - This is because, already if there is any rule added, it would not have got really added in the IPTable rules. - ICMP Packet filter rules with the following codes will be removed - time-stamp-request - time-stamp-reply - network-unreachable -> host-isolated as they are obsolete. - Existing Network Intrusion Detection rules with Destination IP Address as ‘Any’ will be removed. Changes: -------- 1. SARG report generation has been moved from cron.fivemins to cron.hourly 2. PPTP - Static IP address assignment support for users. 3. Networks & Services - Services - The Protocol “ANY” has been removed from the Services page. This is because, already a static service ‘Any’ is there with ports 1-65535. There is no meaning having one more user-defined service with protocol “Any”. If protocol is “Any”, then the port numbers configured will not have any meaning. 4. IPSec - When adding new or editing existing IPsec connection, connections cannot be added with Local LAN = Any, local LAN = none or Remote LAN = Any anymore. 5. HTTP Proxy - HTTP proxy authentication will now allow only ONE type (local or Radius or SAM) 6. SOCKS Proxy - SOCKS proxy authentication will allow only ONE type (local or Radius or SAM) 7. Network Intrusion Detection - The entry Any from the Destination list box has been removed. This is because, it adds up to logging a lot of messages and the box becomes very slow. 8. DNAT - ‘Any’ has been removed from the pre-destination network. 9. Backup - The length of the comment field in the backup page has been limited to 100 characters Fixes: ------ 1. Statistics & Logs – SMTP Proxy - If you select from left side menu once and click again on same (SMTP proxy) it will give error. Fixed this. 2. URL Categorization filters – a memory leakage problem has been fixed. 3. URL Categorization filters - The check for memory percentage has been removed from the five minutes cron job. 4. PPTP - PPP CPU % was going high if client disconnect is not proper. After that, no other connection will be allowed. Fixed this problem. 5. PPTP – An extra log option has been removed from /var/chroot-pptp/etc/ppp/options file. 6. Networks & Services – Services - Click on edit of one service and then again click on edit of another service to edit the next service. The new edited second service becomes the first service. Fixed this problem. 7. Network Groups / Service Groups - The same service / network was not getting added in two different groups. Now it can be added. 8. System Updates - If no update is to be done, the message shown in the update livelog is wrong. Also, if the signature check for any rpm fails, the update was going on in an infinite loop. Fixed these problems. 9. System Updates - After a system update, File Integrity Check Module was sending a mail, it is not supposed to send. Fixed it. 10. Virus Update - After the update from 2.94a to 3.0, the virus update date and time were not getting displayed in the web GUI. Fixed it. 11. SSH - If there are SSH connections to the box, and if main sshd gets killed, self monitor was not restarting sshd. Fixed it. 12. IPSec - If for some reason Pluto gets killed, monitor should be able to restart IPSec 13. Log rotate – The virus scanner’s log file kavscan.rpt has been included in logrotate. 14. Packet Filters - Packet filter rule with service as "ICMP as Network Unreachable and Protocol Unreachable" was not getting added. Fixed this. 15. Packet Filters – Packet filter rules with ICMP time-stamp-request, time-stamp-reply, network-unreachable -> host-isolated were not getting added as they have become obsolete. Removed those options from the Services page itself. 16. DHCP client - If the IP address is changed during renewal, the configuration files were not getting updated properly. Fixed it. 17. Web Admin Site Certificate – Now, spaces are allowed for State, City, Company, Organization unit. 18. Web GUI - The GUI has been made faster as File Integrity Check calls have been optimized. 19. Backup – The version file has been added in backup. 20. Backup - After importing backup, the folder /home/multiweb was getting deleted. Fixed this problem. 21. Backup - If comment is not given while taking backup (from the web GUI), the importing of that backup file was giving a version error. Fixed it. 22. Backup - After the number of backup files to be kept in the firewall reaches the maximum number configured, and then if the date is changed to past, the subsequent backups were failing. Fixed this. 23. Certain domains were not getting added in the Accepted Incoming Domains field – Fixed the validation problem. 24. 0s were not getting accepted in the 2nd or 3rd fields of the WINS IP address – Fixed the validation problem. 25. DNS Proxy – The admin mail id in the default zone file has been changed to admin@yourdomain.com. 26. POP3 Virus Scanner - Included POP3 Virus scanner in self monitor 27. Packet Filters – ICMP – ICMP on firewall - If ICMP is disabled for LAN or DMZ, DROP rules were getting added for WAN also. Fixed this. 28. Changes in factory default for the above. Also, after restoring factory default, the /home/multiweb directory was getting deleted. Fixed it. Support Options =============== For technical support, you may contact your authorized Multi-Tech Systems distributor, dealer or the following Multi-Tech Systems branch offices. U.S.A. Web Site: www.multitecch.com FTP Site: ftp.multitech.com Tel: +1(763)785-3500 Fax: +1(763)785-9874 U.K. Tel: +44(118)959-7774 Fax: +44(118)959-7775 France Tel: +33(1)6461-0981 Fax: +33(1)6461-0971 India Tel: +91(11)6174-634 Fax: +91(11)410-5968 Copyrights, Trademarks ====================== All documents and software provided herewith are Copyright (c) 2003 Multi-Tech Systems. All rights reserved. MS, Windows, Windows 95, Windows NT are tradenames of Microsoft Corporation. Other trademarks or tradenames used herein are properties of the respective owners.