Clavister Firewall Changes from v7.03.00 to v7.03.01

Release date: 2002-08-08 [ISO]

The major new features of Clavister Firewall v7.03 from v7.00 are:

  • State-synchronized High Availability option released (7.01)
  • Built-in Intel EtherExpress PRO/100 drivers (7.01)
  • DHCP client support, e.g. configure the external interface via DHCP (7.02)
  • DNS resolution of firewalls in Firewall Manager (7.03)
  • Support for NICs with "sundance" chipset, e.g. D-Link DFE580TX (7.03)
  • Improved interface naming and descriptions available through SNMP (7.03)
  • Rudimentary traceroute support added (7.03)

    Version 7.03.01 contains bug fixes to the Firewall Logger and the Firewall Manager. None of the bug fixes are considered critical nor major.

    The upgrade package contains v7.03.00 firewall cores -- there are no changes to the core from v7.03.00 to v7.03.01.

  • New files installed by v7.03.01
  • Firewall Manager Bug Fixes
  • Firewall Logger Bug Fixes

    • For future reference: This document is stored in the "Docs" sub-folder of your Firewall Manager install folder.

    Change logs / release notes for earlier versions of Clavister Firewall are available in the release notes section of www.clavister.com/support.

     


    •  New files installed by v7.03.01                

    This is a list of the files that are new to the v7.03.01 release.
    The following paths are relative to your Firewall Manager install folder and are installed by the "cfw_7_03_01.eup" package.

    • Docs/Changes-7.03.00-to-7.03.01.htm
      This document.

    • FWMgr7.exe
      This is the v7.03.01 Firewall Manager. Earlier version 7 Firewall Managers will be overwritten. Version 6 Firewall Managers (if installed) will not be overwritten, as they are named "FWMgr6.exe".

    • Cores/fwc_703.exe
      This is the v7.03.00 standard firewall core. Upload it to your existing (standard) firewall, or create new boot media with it.
      Note: There is no v7.03.01 firewall core.
      Note: VPN and HA firewalls should, as always, use the respective VPN/HA core file, below.

    • Cores/fwc_703v.exe
      This is the v7.03.00 VPN firewall core. Upload it to your existing (VPN) firewall, or create new boot media with it.
      Note: This file is not installed by the standard installation package, as only licensed users have access to it. Rather, it is available as a separate installation package (typically a Clavister Upgrader package).
      Note: There is no v7.03.01 VPN firewall core.

    • Cores/fwc_703h.exe
      This is the v7.03.00 HA firewall core. Upload it to your existing (HA) firewall, or create new boot media with it.
      Note: This file is not installed by the standard installation package, as only licensed users have access to it. Rather, it is available as a separate installation package (typically a Clavister Upgrader package).
      Note: There is no v7.03.01 HA firewall core.
    The following paths are relative to your Firewall Logger install folder and are installed by the "fwl_7_03_01.eup" package.

    • FWLogger.exe
      Clavister Firewall Logger v7.03.01.
      Note: The "fwl_7_03_01.eup" package should be installed on your log receiver server rather than on your management station(s).
     


     Firewall Manager Bug Fixes                

    • Could not remotely change the point-of-contact IP address of a firewall
      Issue: If the firewall IP address currently used for talking to the firewall was changed, the Firewall Manager would not detect that it had changed.
      Results: Changing the point-of-contact IP address remotely would fail, as the firewall manager would not attempt to contact the new IP address. The firewall would fall back to its previous configuration after the bi-directional confirmation timeout (typically 30 seconds).
      Affects: Firewall Manager v7.03.00 only.
      Fixed: Fixed in v7.03.01.
     


     Firewall Logger Bug Fixes                

    • Old logs were not removed for some firewalls
      Issue: The Firewall Logger should remove logs older than a user-settable number of days. This worked as expected when logs were received from only one firewall, but if the logger received log data from multiple firewalls, some firewalls would not have their log history cleaned.
      Results: The server receiving the logs could run out of disk space on the disk where logs are stored.
      Mitigating factors: Manual clean-up is fairly straightforward as the log files are ordered in separate directories according to firewall name, year and month.
      Note: When the fix is installed, the excessive log data won't go away all at once, as the Firewall Logger will only remove two days of log data at a time per firewall. This is to avoid immediate destruction of all log data in case of a configuration mistake.
      This means that if you have 100 days of excessive log data, it will take 100 days before the log data set is reduced to what it should be.
      Affects: Firewall Logger v6.00.00-v7.00.00.
      Fixed: Fixed in v7.03.01.