DNAT: Ability to use additional WAN IPv4 addresses
DNAT rules can now specify a custom IPv4 address to bind the rule to. This works when a single uplink of type “Static” is selected for the rule.
S24 fan profiles
A new UI option allows to select a fan profile for the S24. The “desktop” profile tries to keep the S24 as silent as possible while the “rack” profile tries to achieve maximum ventilation.
Several ClassicVPN improvements
- Authentication with X.509 certificates has been added. It is possible to authenticate remotes by CA signature or pinned certificate. It is also possible to specify a specific local certificate and key.
- Local and remote endpoint IDs can now be overridden with generic values.
- All IKE and IPSec encryption settings can be customized.
- Tunnels can be bound to a specific uplink.
- The automatic fallback policy has been removed for newly created connections. It is still active for existing connections for backwards compatibility reasons. Please review if the fallback policy is required and disable it if not. Please note that it cannot be re-enabled once it has been disabled.
S24 SFP+ port speed configuration
It is now possible to force the link speed to 1G or 10G on S24 SFP+ ports.
Prevent unintended factory reset
The factory reset behavior of all hardware appliances was changed to allow a factory reset only 10 minutes after powering on the appliance by pressing the reset button for 10-20 seconds. Once this period is over a factory reset cannot be triggered anymore.
Updated kernel network & wireless stack
- Updated wireless stack to improve performance & robustness (AP3 AP5 AP5r G50w).
- Updated the system kernel to fix various instabilities.
- Generic system hardening to mitigate some generic attacks on all appliances.
Improved VPN tunnel reconfiguration
Adding/removing VPN tunnels does not cause a downtime on other VPN tunnels anymore.
Improved GUI rendering and usability
- Replaced “Full overlay” mode with a “Partial overlay” viewport mode. This will keep part of the table visible so selection can still be changed.
- Added menu hiding when horizontal space is low
- Added collapsing some of the top navbar elements when horizontal space is low.
- Added keyboard support for navigating object tables and tabs in detail view. Use WASD or Arrow keys to navigate vertically or horizontally between objects and tabs. ESC will close the detail view.
Updated the Ocedo Agent for Windows
The Ocedo Agent (for Windows) has been updated and a new installer is available for first-time users. The installer package is branded for your Organization and can be downloaded from the Agent tab within the Organization menu. Existing installations will be updatedautomatically.
- Windows 10 Support (64-Bit)
- UI now allows to temporarily disable the VPN without stopping the Service
- Switch routing mode from split-tunneling to default-route via UI
- DNS resolution for internal names
- Fix wake-up/resume behavior
- Improved on-/offsite detection with greatly reduced network traffic
Smaller Additions Improvements and Bugfixes
- Added DTIM period configuration for SSIDs
- Added PoE device class and PSE temperature to PoE port information
- CPU load statistics are more accurate now.
- Display source IP in blocked connections log
- DNAT reflection is now configurable and will include extra rules for the external IP address when an upstream router does additional NAT
- Fix “G50″ showing up as “G50 WiFi”
- Fix a bogus network collision warning when using the same local 1:1 NAT network for different ClassicVPN tunnels
- Fix WiFi client display to include correct IP address
- Fix wrong initial zoom level for the portal pages on iOS9
- Fixed “Show hidden devices” in the unregistered devices view.
- Fixed a bug that would cause configs without uplinks being pushed to gateways
- Fixed a bug that would cause static routes not to work if the source zone had IPv6 and an IPv6 GW was not specified
- Fixed a bug where firmware updates sometimes had to be applied twice causing a longer then necessary downtime.
- Fixed an issue where RSTP would block all ports after booting up
- GUI will now display temporary “connection lost” information when controller can’t be reached
- Improved autotrunking stability.
- Port MAC listing: Group MACs by VLAN. Also correct the MAC count on the ports table to show unique MACs on the port.
- Realm GUI: Added an organization rights overview table in the admin detail view.
- Sort object selection lists lexically (within object classes)
- Support for the S12 switch (BETA)
- The endpoint IP selection used for AutoVPN connections is now configurable per-uplink.
- VMare SCSI support for lsilogic lsisas1068 and pvscsi
Thank you, your comment successfully submitted
your comment has been submited, it might take a while to be moderated.