protector 24-5-release-notes
DESCRIPTION
http://www.secpoint.com/protector.htmlTRANSCRIPT
SecPoint® Protector 24.5 Firmware Release January 2014
ProtectorTM Unified threat management
http://www.secpoint.com/protector.html
Copyright © 1999-‐2014 SecPoint® Page 2 of 7
Protector 24.5 Firmware release
Protector 24.5 January 2014
-‐ Traffic Shaper This function is available through the new menu item “Traffic Shaper”. It allows to shape the outbound traffic depending on your needs. You can choose to give some computers in your LAN or some type of traffic a higher priority and a minimum guaranteed bandwidth, slowing down low-‐priority traffic (e.g. web surfing) when the need for bandwidth from critical services (e.g. Mail) is higher.
On a Protector connected in bridge mode, traffic can be shaped independently on each network card.
To define a traffic shaping on a network card, you should first enter the max. bandwidth available on that card, then you can start defining traffic Classes. To each Traffic Class it’s possible to associate a type of traffic (by IP, port, protocol) and a minimum bandwidth. You can also choose to let the class borrow some bandwidth from other classes when they are not using theirs. To do this, use the slider on the line of the Class. A class can borrow bandwidth up to the whole bandwidth available on the network card.
Copyright © 1999-‐2014 SecPoint® Page 3 of 7
Protector 24.5 Firmware release
To select the minimum bandwidth for each class, use the “Minimum Rate” slider. Here the blue line represents the whole bandwidth, and to change the minimum rate assigned to each class, you can simply move each slider to the right or left.
When you create the first class, the Protector will automatically create a default class, which is designed to collect all unshaped traffic. A default class must always exist, and since it is a “catch-‐all” class, no filters can be created on it.
In the Edit window, that appears when you create or edit an existing class, you can select the type of filter, the direction and a priority.
The direction defines whether the filter will be active on traffic coming from that IP/port or going to it. In the example above, the direction is “Destination”, which means that the selected CIDR is the LAN.
The priority defines in which order classes will be served. This is useful when, for example, there is an IP overlapping between two or more classes.
In any case it is important to remember that traffic shaping is possible on outgoing traffic only.
-‐ Web Filter Control Panel
To simplify the Web Filter management, we have added a Control panel at the bottom of the Setup page. This will give an
Copyright © 1999-‐2014 SecPoint® Page 4 of 7
Protector 24.5 Firmware release
immediate overview of the status of the Web Filter and allows to start/stop it.
When a change is made to any parameter, the Web Filter, if already active, will automatically be restarted with the new settings, showing its status in the Control Panel, as in this image.
Furthermore, we have improved the information on how to connect to a LDAP server, such as a Microsoft Active Directory, to populate your
Web Filter groups automatically and enable proxy authentication. Just click on the “LDAP Information” link in this page and follow the instructions.
-‐ Exchange Server support
In the Domain User Management, that you can find in this menu, you can specify the list of users entitled to receive emails. You can also fetch users from your LDAP server. We have increased the LDAP compatibility in order to support Microsoft Exchange Server, besides previously supported servers like Microsoft Active Directory and OpenLDAP.
In this page you can read all information about LDAP support by clicking on the link shown here. In the Active Directory Connection page, available through this link and through the SMTP menu (see picture above), you can read more instructions on how to setup LDAP parameters to connect to an Exchange Server or to an Active Directory Server.
Copyright © 1999-‐2014 SecPoint® Page 5 of 7
Protector 24.5 Firmware release
-‐ RBL Check
You can select Reputation Block Lists in the Anti Spam menu. In this page, you can select pre-‐defined levels or go to the Advanced Settings page, which allows to activate
specific RBL lists to be chosen in a set of pre-‐defined official lists.
When the protector receives an email, it will connect to each RBL server, but if for any reason this connection is slow or cannot be established, every mail check will take a long time, with the consequence to easily
increase the length of the incoming mail queue and the delay time before each email is delivered. To avoid this, whenever an RBL server is added or removed from the list, the Protector will try to connect to each server and will show the following text when the connection is successful.
Upon an unsuccessful test, you should review your network settings by changing the primary and/or secondary DNS. If this is not possible, the RBL feature should be disabled.
-‐ Spam Learn
A new feature allows to automatically add a sender’s email address or domain to the blacklist or whitelist when a mail is marked as spam / non-‐spam. If you go to the Anti-‐spam menu and edit the mail, you will see a new list of actions, as in the picture below, from where you can select the action that most fits your needs.
Copyright © 1999-‐2014 SecPoint® Page 6 of 7
Protector 24.5 Firmware release
And…
Spam max size: New option to set the maximum size of an email above which it will be always treated as not spam
Domain User Management: When users are added to this list, the mail servers are automatically whitelisted
Antivirus: when a new license is loaded, the antivirus is automatically enabled
SMTP checks: If there are no mail settings, SMTP checks are disabled, to avoid an improper Not Good status. SMTP checks have been tuned, when a smart-‐host / smart-‐port relay have been set, to avoid an improper Not Good status.
Internet Explorer: Improved compatibility with IE, especially for the unit initialization, the module start/stop on the home page, and the appearance.
Web Filter Categories: When the list of categories is updated, once a week, the category names are updated as well, to avoid to see N/A as category name when a web page is blocked.
Spam Filter Rules: New FuzzyOcr parameter added to the web interface, so that it can be disabled when needed, to allow disabling spam checks based on image content
Hard Block Listing: It is possible to enter CIDRs, to simplify the hard block of an entire subnet
SMTP Authorization: The password is no longer displayed in clear text
Menu Organization: The Network menu has been moved under System; Reboot and shutdown have been unified to the same page; Better description of some menu items (LDAP, MCP etc.)
Videos: New link to the latest available firmware video, new link to all SecPoint's videos on Youtube, new button to remove the link to the current firmware video. The link will appear again when a new video is available or at next firmware update
Aspect: Avoid error messages be displayed in the Module Control Panel; removed the white line at the bottom of the login image; avoid the system Messages column to overlap the Module Control Panel when the Alert values are too high; new grey bottom for the login page; error messages on wrong logins displayed in the page itself instead of a blank page; menu box loaded at the same time as the menu content, to avoid showing an empty box while the page is loading; different display order of items in the Module Control Panel, based on their importance
Copyright © 1999-‐2014 SecPoint® Page 7 of 7
Protector 24.5 Firmware release
System and Performance: New restartable/failproof downloader to download firmware and dictionary files; new script to check for the web server to run correctly; better synchronization of modules and less resource consumption in the Module Control Panel; firmware information sent to the default SecPoint server even if the update server has been changed; factory reset does not reset the unit's ID, to avoid forcing users to initialize the unit again
Descriptions: Better explanation of the difference between TLS support and STARTTLS; better description in the list of Database Update Frequency, to add the number of times a day it's launched; LDAP description improved in Web Filter and Mail, to inform about Microsoft Active Directory and Exchange Server
Bugfix: when the spam language is different from default, it was impossible to alter the signature files