Follow

10.4.7

Ecessa Firmware Notes
Version: 10.4.7
Release Date: 2015.01.16

New Features
No new features in this release.

Improvements
1. ‘diagnostic ping’ is now continuous.

Changes
1. WAN Virtualization default ppp timeout from 52 ms to 16 ms.
2. Validate One-to-One NAT ranges
3. Do not allow ‘0.0.0.0/0’ (all) destinations for Static Routes that have the VPN checkbox selected.

Fixes
1. Cisco IPSec VPN compatibility for multiple subnets negotiated via IKEv1.
2. Disabling a VPN SA does not disable on backend if it is currently in a ‘connecting’ state.
3. Adding a new WAN would ignore Uplink/Downlink speeds.
4. DHCP Advanced Options would be cleared when activating the LAN page.
5. Activating on DHCP Advanced Options page would cause a crash.
6. Clicking activate on the ‘Services’ page would return a HTTP 500 error if there were 10 or more WANs.
7. Translucent mode WAN not blocking when set to ‘Spare’.
8. VTI VPN Static Route not correctly populated when a regular IPSec VPN has the same remote endpoint.
9. SNMP OID VpnSaStatus always reports down.
10. Statistics not being collected in certain cases.
11. Deadlock occurring when disabling ‘User Defined Path’
12. Potential crash when adding a logical VLAN port via the CLI.
13. Ecessa sending TCP RST packets for broken TCP implementations being routed through the device.

Security
1. Update OpenSSH to 6.6.1p1 - [CVE-2014-2532]
2. Update Lighttpd to 1.4.35 - [CVE-2014-2323]

Known Issues
1. ‘Active Failover’ does not work with VTI VPN.
2. Cannot use Static Routes to define failover precedence between two VTI VPN’s that have the same remote endpoint.
3. Poor WAN connections that have a particular packet loss pattern will see latency spikes up to seconds of delay across WAN Virtualization. Fixed in 10.5.1
4. WAN Virtualization Session Load Balanced Static Routes will not route symetrically. This can result traffic being routed out a WAN. Fixed in 10.5.1
5. When WAN Virtualization Compression is used, WAN Virtualization Static Routes are ignored. This includes the default Load Balance static route. All traffic will follow the Aggregation behavior for available tunnels.
6. dhcp-helper (CLI only) settings cleared when ‘Services’ page is activated.
7. dhcp-helper and LAN DHCP server cannot run at the same time.
8. Disabling a bridged Static Route does not remove the underlying rule.
9. DHCP Discover packets are blocked by the firewall instead of being relayed by dhcp-helper.
10. WAN Virtualization site-to-site traffic can be blocked by the firewall.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.