genuscreen 4.0 Release Notes
Information on the genuscreen 4.0 product family is available in these release notes.
Please read this document carefully! You are advised to install this upgrade, as this release both resolves
various problems and provides new features.
Important, please read!
We strongly recommend performing a configuration backup of your genuscreen system BEFORE upgrading.
Detailed instructions on how to perform this upgrade are available in section 3 of these release notes.
1 Scope of Delivery
With the current genuscreen version 4.0 you have received:
• These release notes
• An ISO image of the installation CD-ROM.
The image is also available for download on the GeNUA webserver in the GeNUCenter customer
area:
https://www.genua.de/customer/gs_support/release_download.en.html
2 New Features in genuscreen 4.0
2.1 New Features
SNMPv3: Support for SNMPv3, including encryption and authentication, has been implemented (User-based
Security Model, USM). Authentication requires configuration of an SNMP user and password
in the GUI. For supported MIBs, see the chapter “Practical Examples” in the product manual. A
usage example:
• MIB download
$ mkdir $HOME/mymibs && cd $HOME/mymibs
$ curl -kO https://gate1/GENUA-MIBS.zip && unzip GENUA-MIBS.zip
• snmpwalk configuration
$ export MIBDIRS=$HOME/mymibs:/usr/local/share/snmp/mibs
$ export MIBS=GENUA-SNMPD-CONF
• Display all data available via SNMP:
$ snmpwalk -v3 -l authPriv -u exampleuser -a sha -A test1234 -x aes -X test5678 -c public gate1 .1.3.6.1
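The snmpwalk call above passes both USM passphrases with -A and -X, where they end up in the shell history and are visible in the process list while the command runs. The following added example (not part of the original release notes and not genua code) writes the same settings to a per-user Net-SNMP snmp.conf that only the owner can read. It assumes the Net-SNMP client tools, which read $HOME/.snmp/snmp.conf; the helper name write_snmp_conf is hypothetical.

```shell
#!/bin/sh
# Added example (not genua's code): store SNMPv3 USM credentials in a private
# snmp.conf so they are not passed with -A/-X on the snmpwalk command line.
# write_snmp_conf is a hypothetical helper name.

# Usage: write_snmp_conf DIR USER
# Reads the authentication passphrase, then the privacy passphrase, from
# stdin (one per line). Assumes passphrases contain no whitespace.
write_snmp_conf() {
    conf_dir=$1
    sec_name=$2
    IFS= read -r auth_pass || return 1
    IFS= read -r priv_pass || return 1

    # Net-SNMP rejects USM passphrases shorter than 8 characters.
    if [ "${#auth_pass}" -lt 8 ] || [ "${#priv_pass}" -lt 8 ]; then
        echo "passphrases must be at least 8 characters" >&2
        return 1
    fi

    old_umask=$(umask)
    umask 077                      # new directory/file: owner-only
    # Create the file empty and force mode 600 before any secret is written,
    # in case an older, more permissive snmp.conf already exists.
    mkdir -p "$conf_dir" && : > "$conf_dir/snmp.conf" &&
        chmod 600 "$conf_dir/snmp.conf" &&
        cat > "$conf_dir/snmp.conf" <<EOF
defVersion 3
defSecurityName $sec_name
defSecurityLevel authPriv
defAuthType SHA
defAuthPassphrase $auth_pass
defPrivType AES
defPrivPassphrase $priv_pass
EOF
    rc=$?
    umask "$old_umask"
    return $rc
}

# Typical use (interactive; type the two passphrases, one per line):
#   write_snmp_conf "$HOME/.snmp" exampleuser
#   snmpwalk gate1 .1.3.6.1
```

With this file in place, the walk needs only the host and the OID; MIBDIRS and MIBS are still taken from the environment as shown above.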
Improved filter rule GUI: The filter rule GUI was revised. The criteria for packet filtering have been
clearly separated from the subsequent actions. In addition, NAT and filter rules can be defined at
the same time.
Support for Quality of Service: Quality of Service (QoS) is now supported to handle data traffic with priority flags. This is especially important for Voice over IP (VoIP).
Filtering for ToS values: Configured rules can now filter for ToS values and/or modify packets accordingly.
NAT 64/46: Address translation between IPv4 and IPv6 (in both directions) enables the use of NAT between both networks, which is especially useful when migrating to IPv6.
DHCP on several interfaces (server): The DHCP service can now run on several interfaces and provide DHCP information.
NTP server: The NTP service can now run on the appliance itself and supply network time to the LAN. Our implementation can also provide network time without having received time updates (optional).
Dynamic DNS: The service providers dyn.com and no-ip.com can now be used to update dynamic DNS entries for PPPoE interfaces and ensure external accessibility even without a static IP address.
Sandboxing: The services opensshd, isakmpd, sasyncd now run in a sandbox. This decisively increases security, as even a compromised service has minimal privileges to access the system.
isakmpd: isakmpd now uses elliptic curves for markedly faster key negotiation (optional).
2.2 Operating System
• Improved performance (throughput and loss rate) for L2TP(/IPsec) on unstable latency networks
(e.g. mobile)
• Improved IPv6 fragment handling
• More robust carp(4) behavior
• Various IPv6 and rdomain related improvements for carp(4)
• Improved and more consistent ToS support
2.3 SNMP - supported MIBs
The following MIBs are supported:
• SNMPv2-SMI (RFC 3418) — The MIB module for SNMP entities
• SNMP-FRAMEWORK-MIB (RFC 3411)
• SNMP-USER-BASED-SM-MIB (RFC 3414) — The management information definitions for the
SNMP User-based Security Model
• IP-MIB (RFC 4293) — The MIB module for managing IP and ICMP implementations, but excluding
their management of IP routes
• IP-FORWARD-MIB (RFC 4292) — The MIB module for the management of CIDR multipath IP
Routes
• BRIDGE-MIB (RFC 4188) — The Bridge MIB module for managing devices that support IEEE
802.1D
• HOST-RESOURCES-MIB (RFC 2790) — This MIB is for use in managing host systems
• IF-MIB (RFC 2863) — The MIB module to describe generic objects for network interface sub-layers
• UCD-SNMP-MIB — Private UCD SNMP MIB extensions
– load average
– disk I/O
• OPENBSD-BASE-MIB — The base MIB module for the OpenBSD project
• OPENBSD-CARP-MIB — The MIB module for gathering information about Common Address Redundancy Protocol (CARP) interfaces
• OPENBSD-PF-MIB — The MIB module for gathering information from OpenBSD’s packet filter
• OPENBSD-MEM-MIB — The MIB module exporting OpenBSD memory statistics
• OPENBSD-SENSORS-MIB — The MIB module for gathering information from OpenBSD’s kernel
sensor framework
• genua-MIB — The base MIB module for genua products; for example:
– fan status
– RAID status
– OpenBSD file table (number of open files)
– Swap usage
– Disc partitions (used and free disc space)
– Number of pf states (packet filter)
– Network interfaces (status, Ierrors, Oerrors)
– VPNs (Peer, Peer-IP, local subnet, remote subnet, status)
– Ping test stats (name and IP of the target, status)
– Appliance info (product, SW version, release, patchlevel, HW version, serial number, license)
3 Upgrade Installation
Any patchlevel of genuscreen 3.0 can be upgraded to version 4.0.
3.1 Software
You can obtain the patches for the upgrade in different ways:
• Obtaining the patch from CD
The patch file S400 000.cpt is located in the root directory of the release CD.
• Obtaining the patch from the GeNUA website
You can also download the patch manually from the GeNUA HTTPS server. All patches are named
using the format SNNN MMM.cpt. NNN is the current release, MMM is the patch level for that
release. Please perform the following tasks to update release 3.0 to release 4.0:
1. In a browser, go to
https://www.genua.de/k/customer/gs_support/index.en.html
Alternatively, go to http://www.genua.de and click on Customer Service -> Internal Customers Area -> genuscreen Support.
2. Enter your license key, the old version number and patch level. Confirm by clicking "download".
3. Download the file S400 000.cpt
3.2 Back up the configuration
Choose System → Maintenance in the genuscreen GUI. Click on Export configuration and save
the listed file.
3.3 Install the release
Choose System → Maintenance in the genuscreen GUI. Specify the file S400 000.cpt in the
Upload patch from file to system form field and press the upload button. The GUI will guide you
through the rest of the process.
3.4 Checksums
Checksums for the software components are available at:
https://www.genua.de/k/customer/gs_support/checksums/index.html.
4 How to Contact Us
genua mbh
Domagkstrasse 7, 85551 Kirchheim near Munich, Germany
Phone: +49 89 99 19 50-0, Fax: +49 89 99 19 50-999
E-Mail: info@genua.de, WWW: http://www.genua.de/
© 2012 genua mbh, Kirchheim, all rights reserved. genua, genugate, genucenter, genuscreen, genucrypt, genubox and genucard are registered trademarks of genua mbH.